Menu
Let's say I want to navigate to the contact page. But in order to get there, the site requires me to login. After logging in, I'm supposed to be redirected to the contact page, but I'm somewhere else. What should I do such that I should be redirected to the page I want after logging in?
I have a strong feeling that this has something to do with sessions but nonetheless. What should the approach be?
393
You have three general approaches:
(1) looks something like:
<?php
session_start();
if (!$_SESSION['userid']) {
$_SESSION['page'] = '/contact';
header('Location: /login');
exit;
}
...
?>
On successful login retrieve $_SESSION['page'] and redirect.
(2) is similar except there is no session variable. Instead you have:
header('Location: /login?return=/contact');
to pass the redirect. The login page will have to include it as a hidden form field on the page that presents the user with a request for the username and password.
(3) is similar but doesn't redirect to a separate page. Instead each page can potentially be a login page. If the user isn't logged in a login form is presented instead. The URL will still be "/contact". Each page will detect and handle log in attempts.
The advantage of this method is one less external redirect and it's easier to handle submitted forms. By this I mean that imagine someone fills out a form on one of your pages and then clicks submit. The system sees their login has expired. If you redirect the user to a new page and then redirect back they will probably need to re-enter all the form fields. If you handle the login implicitly you can include all the form fields as hidden inputs and once logged in seamlessly treat it as a submission of the original page.
181
The approach I normally use:
$_SERVER['HTTP_REFERER'] variable (which will be set to the page the user came from, i.e. the contact page) and store that as a hidden field.The beauty about this is that it automatically works for all pages that require being logged in without having to set session variables on each page.
One caveat: when logging in you should check that the page in the referer is on your site, not a completely different site, in case the user happened to come from Google, for example.
42
I tend to redirect to the login page, passing the current URL in the query string.
The page to protect
session_start();
if (!isset($_SESSION['user_id']))
{
// Fetch current URL
$this_url = $_SERVER['REQUEST_URI'];
// Redirect to login page passing current URL
header('Location: login.php?return_url=' . urlencode($this_url));
exit;
}
// Continue processing
echo 'Hello from this page';
The login page
session_start();
// Simulate logging in user
$_SESSION['user_id'] = 1;
// Fetch URL to redirect to
$return_url = isset($_GET['return_url']) ? $_GET['return_url'] : 'site_home.php';
// Redirect back
header('Location: ' . $return_url);
In the code above I just simulate the process of logging in. Normally the user should submit their credentials through a form, the credentials are verified and then the user is logged in. The URL of the page to redirect back to must be maintained through this process. You can either continue to pass the URL in the query string or through a hidden input field in the form.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
