Geek Answers Handbook

Estimated URL redirect + default redirect after login?

When a user tries to access our site via a link (for example, by going to www.website.com/privatepage), they are redirected to the login page. After logging in, we want to redirect them to the specified URL - how do you do this?

We also have a precedent when a user logs in from the home page or goes directly to the login page without a destination URL - in this case we would like to redirect them to the default page.

Can someone help me figure this out?

+6
javascript jquery redirect php codeigniter
source share
4 answers

on the login page:

if you go to www.example.com/private_page

using CodeIgniter (on personal page)

// if user is not logged in... $_SESSION['redirect'] = $this->uri->segment(1); redirect('login');

on the login page

 // successfully logged in.. if (isset($_SESSION['redirect'])) { redirect($_SESSION['redirect']); } else { // redirect to default page }
+6
source share

It might be nice to have a white list of accepted URLs when redirecting in this way - otherwise the attacker could send someone a link like example.com/login?attacker.com/fake_examplecom, and the user will be redirected to the attacker's site, thinking that they just entered your site. The original url pointed to your site, so it looks trustworthy. There, as you can imagine, you can do a lot of unpleasant things.

+5
source share

How are they redirected to the login page? Whatever method you do, you can add a GET variable at the end of the login page URL, and then reference that variable on the login page.

So, the user wants to access www.example.com/privatepage , but you first need to log in to www.example.com/login . Reassign them to www.example.com/login?targetpage=/privatepage , then in the code for your login page you can access the targetpage variable.

+4
source share

I usually store the page in a PHP session before redirecting the login page. After logging in, check if the session value is set if it is then redirected to this page.

+3
source share

More articles:


All Articles