Re: [cgiapp] maintaining destination after login

Mon, 08 Apr 2002 15:00:20 -0700 

Though I'm going to have to fix the $message thing-  cross-site
scripting attacks and potentially nasty image linking come to mind. . .



On Mon, 2002-04-08 at 18:15, Dan Collis Puro wrote:
> I have a runmode called "redirect_to_login" in my SuperClass that
> handles it.
> 
> My login runmode picks up the referer and message from the
> redirect_to_login sub (yes, I know that someone could pass whatever
> message they wanted here. I'm willing to accept that risk)
> 
> sub redirect_to_login{
>     my ($self,$message)=@_;
>     my $q=$self->query();
>     $self->header_type('redirect');
>    
> 
>$self->header_props(-location=>$self->param('scriptpath').'/user.cgi'."?referer=".$q->escape($s\
> elf->param('scriptname')."?".$q->query_string()).'&message='.$q->escape($message));
>     return;
> }
> 
> Then, all my runmodes look something like:
> 
> sub show_page{
>       my $self=shift;
>       if( <<authorize conditions >>){
>               #Body of runmode
> 
>       } else {
>               $self->redirect_to_login("You don't have access to that page. Please
> login below.");
> 
>       }
> }
> 
> This system works pretty well for my needs, and it's nice to give folks
> reasons that they are seeing a login screen.
> 
> -DJCP
> 
> 
> On Mon, 2002-04-08 at 15:41, Joel Gwynn wrote:
> > This is something I can figure out myself, but I thought you all might
> > have a more elegant solution.  Basically I'm emailing a link saying,
> > 'changes were made to this project.  to see them, please go to
> > http://www.myproject.com/cgi-bin/myproject.cgi?action=viewchange
> > <http://www.myproject.com/cgi-bin/myproject.cgi?action=viewchange&change
> > _id=2&other_param=whatever.'> &change_id=2&other_param=whatever.'
> >  
> > Now, after they click on the link, if they're logged out, they have to
> > log in again.  What's the best way to preserve that original target with
> > all the parameters?  Will I be using a redirect?
> >  
> > BTW, that's not a real link.
> >  
> > TIA
> 
> 
> 
> ---------------------------------------------------------------------
> Web Archive:  http://www.mail-archive.com/[email protected]/
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 



---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/[email protected]/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to