Jump to content

Remembering the last page

monkeytooth

By monkeytooth
in PHP Coding Help

 Share

Recommended Posts

monkeytooth Advanced Member

monkeytooth

Posted
Posted

I am wondering whats the best way to "remember" the last page someone was attempting to access. Lets say I have a members based site. And someone goes directly to an area thats public but requires login. I have the login page independent of the page they land on. So I guess curiously speaking whats the best way to approach and or handle that?

Link to comment
https://forums.phpfreaks.com/topic/239587-remembering-the-last-page/
Share on other sites
redixx Newbie

redixx

Posted
Posted

One way is to have a hidden input in your login form, with the value of $_SERVER['HTTP_REFERER']. Then after you process the login just do a header() location or refresh to the hidden form value.

 

But, HTTP_REFERER can be easily spoofed so it's not necessarily very trustworthy. If you want something more reliable you'll have to save the current page in a session, like crayon said.

.josh Advanced Member

.josh

Posted
Posted

One way is to have a hidden input in your login form, with the value of $_SERVER['HTTP_REFERER']. Then after you process the login just do a header() location or refresh to the hidden form value.

 

But, HTTP_REFERER can be easily spoofed so it's not necessarily very trustworthy. If you want something more reliable you'll have to save the current page in a session, like crayon said.

 

And altering a hidden input field is even easier to spoof than HTTP_REFERER.  And also, if you go the hidden field route, you wouldn't be popping it with HTTP_REFERER, but of the current page url.

 

But anyways, we're talking about redirecting user to the page they were trying to get to when logging in, low probability someone would actually try to spoof something like that.

redixx Newbie

redixx

Posted
Posted

One way is to have a hidden input in your login form, with the value of $_SERVER['HTTP_REFERER']. Then after you process the login just do a header() location or refresh to the hidden form value.

 

But, HTTP_REFERER can be easily spoofed so it's not necessarily very trustworthy. If you want something more reliable you'll have to save the current page in a session, like crayon said.

And also, if you go the hidden field route, you wouldn't be popping it with HTTP_REFERER, but of the current page url.

 

It depends how it is set up. If you go to example.com/admin and it says you need to login, and redirects you to example.com/login, then after you logged in it would redirect you back to example.com/login. If you set the referer to HTTP_REFERER, IE: example.com/admin, that is where you would get redirected.

 

You would only set it to the current page if the login form was on the page you wanted to redirect to.

 

I only said to use a hidden input form because of the above scenario. You can only go back one page, after all. Using HTTP_REFERER at all may not give reliable results.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.