Do not send the URL the user was trying to reach as a URL variable. This is ugly and error prone. Sites that do this forget to preserve the URL if the user enters an incorrect username or password or tries to retrieve the password.
After checking whether the user is logged in, and before redirecting to the login screen, save the current URL as a session variable.
ColdFusion:
<cfset session.fromurl = cgi.script_name & "?" & cgi.query_string />
PHP:
$_SESSION["fromurl"] = $_SERVER["REQUEST_URI"];
After the user has successfully logged in, assign the URL to a variable, delete the session variable, and then redirect.
ColdFusion:
<cfset variables.fromurl = session.fromurl />
<cfset structdelete(session, "fromurl") />
<cflocation url="#variables.fromurl#" addtoken="no" />
PHP:
if (isset($_SESSION['fromurl'])) {
    $url = $_SESSION['fromurl'];
    unset($_SESSION['fromurl']);
    header('Location: ' . $url);
    exit; // stop the script so nothing else runs after the redirect
}
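An added example (not part of the original post): the PHP steps above combined into two functions, with a check that the saved value is a path on the same site before it goes into the Location header. The function names, the user_id session key, and the /login.php and / paths are assumptions, and session_start() is assumed to have been called already.

```php
<?php
// Added example, not the post's original code. Function names, the
// 'user_id' session key and the '/login.php' and '/' paths are assumptions.

// Accept only same-site paths: one leading "/", no "//" or "/\" prefix
// (browsers treat those as another host), and no control characters.
function is_local_path(string $url): bool
{
    if ($url === '' || $url[0] !== '/') {
        return false;
    }
    if (strlen($url) > 1 && ($url[1] === '/' || $url[1] === '\\')) {
        return false;
    }
    return preg_match('/[\x00-\x1F\x7F]/', $url) === 0;
}

// Call at the top of a protected page.
function require_login(): void
{
    if (!empty($_SESSION['user_id'])) {
        return; // already logged in, carry on with the page
    }
    // Only a GET request can be replayed by a redirect, so save only those.
    if ($_SERVER['REQUEST_METHOD'] === 'GET'
        && is_local_path($_SERVER['REQUEST_URI'])) {
        $_SESSION['fromurl'] = $_SERVER['REQUEST_URI'];
    }
    header('Location: /login.php');
    exit;
}

// Call only after the credentials have been verified. A failed attempt
// never touches $_SESSION['fromurl'], so the target survives retries.
function redirect_after_login(string $default = '/'): void
{
    $url = $_SESSION['fromurl'] ?? $default;
    unset($_SESSION['fromurl']);
    if (!is_local_path($url)) {
        $url = $default; // fall back rather than redirect off-site
    }
    header('Location: ' . $url);
    exit;
}
```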
I tried this but CGI.QUERY_STRING and CGI.SCRIPT_NAME only return the url of the current page, not the one the user clicked in an email. You describe the problem perfectly but your solution does not work for me.
Perhaps it's code placement. I tried to save the url clicked first in my application.cfm page, then the page after that before my login page. This didn't work.
Please help!!
Sam (yabassi_online@yahoo.com)
On your ColdFusion example the first example should read
The session. was omitted
This helped me out. THKS
Thanks for the heads up.
Looks like my new layout's making the text invisible.
Useful bit of code, thanks!