Redirect referrer header

Question

I have a login script in PHP, where I redirect clients to. When the client is logged in, I want to return the user to the page which 302 redirected him to the login page.

I want to keep the url as clean as possible (preferably, only /login), and I don't want to use cookies, like a session cookie.

I attempted to rely on $_SERVER['HTTP_REFERRER'], but I have a problem that when I click a link that require login, the $_SERVER['HTTP_REFERRER'] is set to the page where the link was clicked, not the destination page which is the one that sends the 302 redirect. (FF4)

If $_SERVER['HTTP_REFERRER'] isn't set (https, bookmark or whatever), then I clutter up the GET url with the return url (/login/return/myurl). For all other cases (where browser supplies HTTP_REFERRER on the request which redirects to /login), I really want to rely solely on the $_SERVER['HTTP_HEADER'] to produce a clean url.

Is there any way to politely ask the browser to send 'correct' referrer using the redirect header, or am I stuck with clogging up the url for all redirects?

Answer 1

No, there is no way to ask browser for anything referrer-related.

If I were you, I'd won't redirect anyone anywhere but show login form right in place (on a template-driven site it's extremely easy), storing current location in a hidden field.

Answer 2

You have no way of specifying the URL that is sent in the Referer header. You have three options.

• Store the URL in a session.
• Store the URL in a cookie.
• Store the URL in a request parameter.

The request parameter is the most appropriate, because the user might have multiple windows open (that share the session and the cookies) and you can easily distinguish them.