[geeklog-devel] Redirect after login

Joe Mucchiello joe at ThrowingDice.com
Sat Nov 28 12:55:29 EST 2009


At 11:30 AM 11/28/2009, Dirk Haun wrote:
>Tony Bibbs wrote:
>
> >When you get to login.php be sure to grab referrer and take them back.
>
>Hmm. We check the referrer only after the login has been confirmed. So
>at this point, it would refer to the login page, not to the page before
>that. So we could include the original referrer with the login data. How
>easily could that be faked?

In the database, no one at all. There is a Geeklog session in the 
cookies that is destroyed during login. But before it is destroyed 
the database record referenced by the cookie could store the original 
referrer. No need for extra post parameters that can be faked. No 
need to deal with $_SESSION. Just wrap the "display login" in a 
function and it handles getting the return URL into the session record.



----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
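
The approach described in this message, sketched as an added example (not code from the post or from Geeklog): the return URL is written to the server-side session record when the login form is displayed and read back once after the login is confirmed, so the form carries no return-URL field. Because the Referer header is itself client-supplied, the sketch reduces it to an on-site path before storing it. All function names, the in-memory `$sessions` array standing in for the sessions table, and `SITE_HOST` are assumptions.

```php
<?php
// Added illustration, not Geeklog code. Every name below is hypothetical.
const SITE_HOST = 'www.example.com';   // assumed host of the site

// Reduce a referrer to an on-site path, or fall back to the home page.
function safeReturnUrl(?string $referrer): string
{
    $p = parse_url((string) $referrer);
    if (!is_array($p)
        || !in_array($p['scheme'] ?? '', ['http', 'https'], true)
        || strcasecmp($p['host'] ?? '', SITE_HOST) !== 0) {
        return '/';
    }
    $path = $p['path'] ?? '/';
    // A path starting "//" or "/\" would be treated as another host.
    if (!preg_match('#^/(?![/\\\\])#', $path)) {
        return '/';
    }
    return $path . (isset($p['query']) ? '?' . $p['query'] : '');
}

// The "display login" wrapper: record the return URL in the session record.
function displayLogin(array &$sessions, string $sid, ?string $referrer): void
{
    $sessions[$sid]['return_url'] = safeReturnUrl($referrer);
    // ... render the login form here; it carries no return-URL field ...
}

// After the login is confirmed: read the stored URL, then drop the old record.
function finishLogin(array &$sessions, string $oldSid): string
{
    $target = $sessions[$oldSid]['return_url'] ?? '/';
    unset($sessions[$oldSid]);
    return $target;   // caller sends header('Location: ' . $target)
}

// Constructed requests; $sessions stands in for the sessions table.
$sessions = [];
$referrers = [
    'sid-a' => 'https://www.example.com/article.php?story=42',
    'sid-b' => 'https://evil.example/phish',
    'sid-c' => 'https://www.example.com//evil.example/',
];
foreach ($referrers as $sid => $referrer) {
    displayLogin($sessions, $sid, $referrer);
    echo $sid, ' -> ', finishLogin($sessions, $sid), "\n";
}
```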


