Save the referrer when locating them to the login page. Use that
referrer upon login to relocate again.
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This
: Tuesday, September 07, 2004 1:34 AM
Subject: RE: Return Links (best practice)
Save the referrer when locating them to the login page. Use that
referrer upon login to relocate again.
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
Why would that be unreliable? Yes you can spoof referrers as a client,
but they are only used as a relocate target not as a check whether
someone is logged in. You can store paths in sessions etc. but you must
make sure you update the path on each request, and ignore the setting of
the path during
, September 07, 2004 1:44 AM
Subject: RE: Return Links (best practice)
Why would that be unreliable? Yes you can spoof referrers as a client,
but they are only used as a relocate target not as a check whether
someone is logged in. You can store paths in sessions etc. but you must
make sure you
I think most developers still use referrers though :P
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
You could use Application.cfm (or a file that you include in relevant
places) to contain the whole login procedure and use self posting forms
for the login. This way you never leave the page you requested.
IF not logged in
IF not coming from the login form
Show the login form
Abort
IF coming from
I think most developers still use referrers though :P
Many personal security software, like Norton Firewall remove the referrer
from the HTTP request. Same for a good amount of corporate firewalls.
It's indeed pretty annoying for us developers...
Massimo Foti
Yup that is indeed true
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and
I disagree on that. If you use referrer information your website to
redirect people back, your website is not working properly for about
30-40% of you customers. We store the last page visited in the Session
scope.
Adam H
On Tue, 7 Sep 2004 08:55:35 +0200, Micha Schopman
[EMAIL PROTECTED] wrote:
I have a security check in my Application.cfm that checks to see if the
requested page requires a login, and if the person is not currently logged in,
calls the logon page, sending it the requested page.
In the logon page, I copy all URL to the FORM statement and create INPUT
TYPE=HIDDEN for each
the best methods to returning users back to where
they came from after they log in.
We approach this with the rule of thumb never trust the data the client is
sending youSo do not depend on referrer or cookie information unless you
absolutely have to.On our simpler login sites we insist on
11 matches
Mail list logo
