
Intended URL redirect + default redirect after login?

When a user tries to access our website via a link (for instance going to www.website.com/privatepage) they are redirected to a login page. Once they log in, we want to redirect them to that intended URL - how do you do this?

Also we have a use case where a user logs in from the homepage, or goes directly to the login page with no intended URL - in this case we'd like to redirect them to a default page.

Can anyone help me figure this out?

Walker asked Aug 25 '10 18:08


People also ask

How do I redirect a requested URL after login?

The most common ways to implement redirection logic after login are: using the HTTP Referer header, saving the original request in the session, or appending the original URL to the redirected login URL.

How do I redirect back to original URL after successful login in laravel?

You may use the Redirect::intended function. It will redirect the user to the URL they were trying to access before being caught by the authentication filter. A fallback URI may be given to this method in case the intended destination is not available.

How do I automatically redirect a URL?

The simplest way to redirect to another URL is to use an HTML <meta> tag with the http-equiv parameter set to “refresh”. The content attribute sets the delay before the browser redirects the user to the new web page. To redirect immediately, set this parameter to “0” seconds for the content attribute.


2 Answers

in your login page:

if you go to www.example.com/private_page

using CodeIgniter (on private page)

// if user is not logged in...
$_SESSION['redirect'] = $this->uri->segment(1);
redirect('login');

on login page

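// successfully logged in..
if (isset($_SESSION['redirect'])) {
    $target = $_SESSION['redirect'];
    // clear the stored value so a later login does not reuse a stale target
    unset($_SESSION['redirect']);
    redirect($target);
} else {
    // redirect to default page
}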
tpae answered Oct 15 '22 04:10


It might be a good idea to have a whitelist of accepted URLs when redirecting in this fashion - otherwise, an attacker could send someone a link like example.com/login?attacker.com/fake_examplecom and the user will be redirected to the attacker's site while thinking they have just logged in to your site. The original URL pointed to your site, so it looks trustworthy. There are a lot of nasty things that can be done with this, as you can imagine.

Swordgleam answered Oct 15 '22 06:10
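
One way to implement the whitelist check described in the answer above, combined with the default-page fallback from the question, as an added example that is not part of the original answers. The function name `safe_redirect_target`, the allowlist entries and the `/home` default are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example; safe_redirect_target() and the allowlist are hypothetical names.

/** Return $candidate if it is a same-site path on the allowlist, else $default. */
function safe_redirect_target(?string $candidate, array $allowedPaths, string $default): string
{
    if ($candidate === null || $candidate === '') {
        return $default;    // no intended URL: use the default page
    }
    // Reject control characters and backslashes; some browsers treat "\" as "/".
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $default;
    }
    // Must be site-relative: one leading "/" (not "//host", not "host/path").
    if ($candidate[0] !== '/' || strncmp($candidate, '//', 2) === 0) {
        return $default;
    }
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    // Exact match on the path, so "/private_page/../other" cannot slip through.
    return in_array($parts['path'] ?? '', $allowedPaths, true) ? $candidate : $default;
}

// Constructed demo data: allowlist, default page and sample inputs.
$allowed = ['/private_page', '/account'];
$default = '/home';
$samples = [
    '/private_page',                  // listed path
    '/private_page?tab=2',            // listed path with a query string
    '/not_listed',                    // local, but not on the allowlist
    'attacker.com/fake_examplecom',   // the value from the answer above
    '//attacker.com/',                // scheme-relative URL
    'https://attacker.com/',          // absolute URL
    '/\\attacker.com',                // backslash variant
    null,                             // logged in directly from the login page
];

foreach ($samples as $sample) {
    printf("%-34s => %s\n", var_export($sample, true),
        safe_redirect_target($sample, $allowed, $default));
}
```

The check belongs at the point where the stored or submitted target is read back after a successful login, immediately before the redirect call.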