Currently, we’re storing the user’s HTTP_REFERER so we can redirect the user back to the previous page they were browsing before they logged in.
HTTP Referer comes from the client and can be spoofed or blank. Is there a more secure/reliable method to deliver this handy user redirect?
Do you have sessions?
If so, you can track on the server side which pages they have accessed in this session and send them back to the previous one.
(Caching might mess this up, but you could set the cache-control: header appropriately)
But this all seems more pain than gain. Is there any real issue in sending them back to a spoofed page, if they’re silly enough to do that?
Paul.
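Either approach still needs the redirect target checked before it is used, since a Referer (or a "next" parameter) controlled by the client can point off-site. The following is an added example, not code from the thread: it validates a candidate target down to a same-site path and also shows the server-side session history Paul describes. The allowed host set, the login path and the plain dict standing in for a framework session are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_AFTER_LOGIN = "/"   # assumed landing page when no safe target exists
LOGIN_PATH = "/login"       # assumed login URL; never redirect back onto it


def safe_redirect_target(candidate, allowed_hosts, default=DEFAULT_AFTER_LOGIN):
    """Reduce a client-supplied URL (Referer or 'next') to a same-site path.

    Anything that could leave the site is replaced by `default`: other hosts,
    scheme-relative '//evil' forms, non-HTTP schemes, and non-absolute paths.
    `allowed_hosts` holds host[:port] strings exactly as they appear in URLs.
    """
    if not candidate:
        return default
    candidate = candidate.strip()
    # Some browsers treat backslashes as slashes, so '/\evil' would become '//evil'
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    # A netloc is present for absolute URLs and for '//host' forms alike
    if parts.netloc and parts.netloc.lower() not in allowed_hosts:
        return default
    path = parts.path or "/"
    if not path.startswith("/") or path == LOGIN_PATH:
        return default
    # Emit a relative URL (no scheme, no host) so the browser stays on this site
    return urlunsplit(("", "", path, parts.query, ""))


def record_visit(session, path, limit=10):
    """Server-side alternative: remember the pages seen in this session."""
    if path == LOGIN_PATH:
        return
    history = session.setdefault("history", [])
    if not history or history[-1] != path:
        history.append(path)
    del history[:-limit]   # keep only the most recent `limit` entries


def previous_page(session, default=DEFAULT_AFTER_LOGIN):
    """Where to send the user after login, based on what the server saw."""
    history = session.get("history", [])
    return history[-1] if history else default
```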