Is it possible to create a page that redirects to a private page if a correct time sensitive variable is passed?
Ex:
http://www.mysite.com/redirectpage.aspx?code=0912042400
The code value is a year-month-day-time combination that must fall withing some time window (15 min, 30 min etc) based on the server’s time.
The redirectpage would parse the code and would redirect to a private page (using an obfuscated url with the code variable) if the code is valid or show a 404.
Usage scenario:
- Party A wishes to show party B a private page.
- A sends a link to B with a code that is valid for the next 30 minutes.
- B clicks the link and is redirected to a private page.
- After 31 minutes clicking the link produces a 404 and a refresh/postback of the private page also produces a 404.
Thanks
Yes.
One approach is to concatenate the “valid start time” with a private string known only to the server. Generate a has code (e.g. MD5 hash) based on that concatenated value. Send the “valid start time” and the hash back to the client. They pass both back in to view the page. The server re-combines the “valid start time” with the secret key, recomputes the hash, and ensures it matches the passed-in hash. If it matches, compare the passed-in time to the server time to make sure the redirect is still valid.
There is no need for a database of valid keys and what time range they pertain to with this approach. You can even add the page name for the redirect to the time to make the system completely self-contained.