[geeklog-devel] Redirect after login
joe at ThrowingDice.com
Sat Nov 28 12:55:29 EST 2009
At 11:30 AM 11/28/2009, Dirk Haun wrote:
>Tony Bibbs wrote:
> >When you get to login.php be sure to grab referrer and take them back.
>Hmm. We check the referrer only after the login has been confirmed. So
>at this point, it would refer to the login page, not to the page before
>that. So we could include the original referrer with the login data. How
>easily could that be faked?
In the database, no one at all. There is a Geeklog session in the
cookies that is destroyed during login. But before it is destroyed
the database record referenced by the cookie could store the original
referrer. No need for extra post parameters that can be faked. No
need to deal with $_SESSION. Just wrap the "display login" in a
function and it handles getting the return URL into the session record.
Throwing Dice Games
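
The approach described in this message, as an added example (not part of the original post and not Geeklog's code): the return URL is written to the server-side session record when the login form is displayed and read back once the login is confirmed, so it never travels as a POST parameter. The table layout, the function names and the same-host check are assumptions.

```php
<?php
// Added example with hypothetical names; not Geeklog's code or schema.
// An in-memory SQLite table stands in for the session table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sess_id TEXT PRIMARY KEY, return_url TEXT)');

// The Referer header is still client-supplied, so keep it only when it
// points at this site (assumed policy, not stated in the thread).
function sameSiteUrl(string $url, string $siteHost): ?string
{
    if (strpbrk($url, "\\\r\n") !== false) {
        return null;                      // backslashes or line breaks: reject
    }
    $p = parse_url($url);
    $ok = is_array($p)
        && in_array(strtolower($p['scheme'] ?? ''), ['http', 'https'], true)
        && strcasecmp($p['host'] ?? '', $siteHost) === 0;
    return $ok ? $url : null;
}

// Called by the function that displays the login form.
function rememberReturnUrl(PDO $db, string $sessId, string $referer, string $siteHost): void
{
    $stmt = $db->prepare('UPDATE sessions SET return_url = ? WHERE sess_id = ?');
    $stmt->execute([sameSiteUrl($referer, $siteHost), $sessId]);
}

// Called once the login is confirmed: read the stored URL, then destroy the
// pre-login session record.
function takeReturnUrl(PDO $db, string $sessId, string $default): string
{
    $stmt = $db->prepare('SELECT return_url FROM sessions WHERE sess_id = ?');
    $stmt->execute([$sessId]);
    $url = $stmt->fetchColumn();
    $db->prepare('DELETE FROM sessions WHERE sess_id = ?')->execute([$sessId]);
    return (is_string($url) && $url !== '') ? $url : $default;
}

// Constructed walk-through: two anonymous sessions reach the login form.
$host = 'www.example.com';
$db->exec("INSERT INTO sessions (sess_id) VALUES ('anon-1'), ('anon-2')");
rememberReturnUrl($db, 'anon-1', 'https://www.example.com/article.php?story=42', $host);
rememberReturnUrl($db, 'anon-2', 'https://other.example/page', $host);
echo takeReturnUrl($db, 'anon-1', '/index.php'), "\n"; // stored same-site URL
echo takeReturnUrl($db, 'anon-2', '/index.php'), "\n"; // falls back to default
```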