Is it better to use HTTP REFERER for redirection or use some other method?
Do you have sessions?
If so, you can track on the server side the pages they accessed in this session and send them back to the previous one.
(Caching can mess this up, but you can adjust the cache control header accordingly:
But it all seems more painful than winning. Is there any real problem with sending them back to a fake page if they're stupid enough to do so?
Paul.
source to share
Not that I know. But then are you suggesting that regular users will pretend that their Referent is just being redirected to the wrong place? It looks unlikely.
I'm worried about having to redirect users to where they came from without even asking them about it. I either have a preference option to decide whether to allow this or not (and where), or pre-request them for a redirect, having the option to deny the redirect.
If RoBorg expects you to offer login screens for different sites other than your own, and you want to keep the original site, then of course you can use the same form to submit the site they signed in to.
source to share
The referee probably works great for most users, although I think you will need to check the XSRF. What we do is that when someone gets into an area where they have to login, they are redirected to the login page with the URL where they were saved in the session.
Once they are logged in, they will be redirected to the previous URL.
Of course, this depends a lot on your authentication setup!
I have a function that uses several different methods to redirect depending on which path the user took to get to the login page.
The function I call after the user is logged in looks something like this:
Protected Sub doRedirect(ByVal sender As Object, ByVal e As System.EventArgs)
If Not Request.QueryString("rtn") Is Nothing Then
Response.Redirect(Request.QueryString("rtn").ToString)
ElseIf Me.hidden_return.Value <> "" Then
Response.Redirect(Me.hidden_return.Value)
ElseIf Not Request.UrlReferrer Is Nothing AndAlso Request.UrlReferrer.Segments(Request.UrlReferrer.Segments.Length - 1) <> "login.aspx" Then
Response.Redirect(Request.UrlReferrer.ToString)
Else
Response.Redirect("default.aspx")
End If
End Sub
Obviously this can all be spoofed on the client side, but I don't care if they want to fool themselves.
source to share