Rather than trying to use http_referer in your login page, try the following.
Depends a little on how you have your security system set up.  If you're
including at the top of every secured page a template/code snippet to detect if
someone is currently logged in, have that bit of code note 'cgi.script_name',
which is the requested template.  When that code redirects to the login page,
pass the template name to the login page and then pass it along as a hidden
field.  If your security scheme has different levels of access be sure to have
it also verify that the user is permitted to access the page in question at the
same time as you verify the username and password.

Jim


-----Original Message-----
From: W Luke <[EMAIL PROTECTED]>
To: CF-Talk <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, November 18, 2000 10:59 AM
Subject: Re: HTTP Referrer


>
>> Relying on the referer to take a user back after logging in is Not A Good
>> Idea(tm). Microsoft's IIS does not send the http_referer when not in a
>> secure section of a site (e.g. https://). Here is the Microsoft article that
>> tells of their reasoning...
>>
>> http://support.microsoft.com/support/kb/articles/Q178/0/66.ASP
>>
>
>Thanks for the link.  I'm running O'Reilly WebSite Pro, and have been
>testing this for the past few hours with IE, and it does seem to work very
>well.
>
>> One /excellent/ way around this is to use the Fusebox custom
>> tag CF_ReturnFuseAction by Steve Nelson. You don't even need to use any
>> other part of Fusebox. It works like a charm in both IE and Netscape. You
>> can find the tag on the Fusebox site (www.fusebox.org) or in Allaire's Dev
>> Exchange
>> (http://devex.allaire.com/developer/gallery/info.cfm?ID=CA3477C0-2830-11D4-AA9700508B94F380&method=Full)
>> <--watch the word-wrapping
>
>Fusebox - that name continues to crop up!  I'll take a look.
>
>Thanks,
>
>Will
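
The approach in Jim's reply at the top of this thread, sketched as three templates. This is an added example, not code from the thread: the file names, the `returnTo` field, the `pageLevels` map and `userLevel` are assumptions, and session management is assumed to be enabled with `<cfapplication>`. Because the hidden field comes back from the browser, the login handler only redirects to templates it knows and that the user's level permits.

```cfml
<!--- ===== secure.cfm (hypothetical name): included at the top of every secured page ===== --->
<cfif NOT StructKeyExists(session, "userLevel")>
    <!--- cgi.script_name is the requested template, e.g. /reports/monthly.cfm --->
    <cflocation url="/login.cfm?returnTo=#URLEncodedFormat(cgi.script_name)#" addtoken="no">
</cfif>

<!--- ===== login.cfm: carry the template name along as a hidden field ===== --->
<cfparam name="url.returnTo" default="">
<cfoutput>
<form action="/login_action.cfm" method="post">
    <!--- HTMLEditFormat keeps a crafted returnTo value from breaking out of the attribute --->
    <input type="hidden" name="returnTo" value="#HTMLEditFormat(url.returnTo)#">
    User: <input type="text" name="username">
    Password: <input type="password" name="password">
    <input type="submit" value="Log in">
</form>
</cfoutput>

<!--- ===== login_action.cfm: verify credentials and page access together ===== --->
<cfparam name="form.returnTo" default="">
<!--- Assumption: the site's existing username/password check runs before this point
      and sets variables.userLevel (0 = rejected, higher = more access). --->
<cfparam name="variables.userLevel" default="0">

<!--- Constructed sample map: secured template -> minimum access level required --->
<cfset pageLevels = StructNew()>
<cfset pageLevels["/reports/monthly.cfm"] = 1>
<cfset pageLevels["/admin/users.cfm"] = 2>

<cfif variables.userLevel EQ 0>
    <!--- Bad credentials: back to the form, keeping the requested template --->
    <cflocation url="/login.cfm?returnTo=#URLEncodedFormat(form.returnTo)#" addtoken="no">
<cfelseif StructKeyExists(pageLevels, form.returnTo)
          AND variables.userLevel GTE pageLevels[form.returnTo]>
    <!--- Known template and sufficient level: send the user where they were going --->
    <cfset session.userLevel = variables.userLevel>
    <cflocation url="#form.returnTo#" addtoken="no">
<cfelse>
    <!--- Unknown value (tampered field, off-site URL) or insufficient level: default page --->
    <cfset session.userLevel = variables.userLevel>
    <cflocation url="/index.cfm" addtoken="no">
</cfif>
```

The `secure.cfm` include shown here only checks that someone is logged in; a site with access levels would apply the same `pageLevels` comparison there on every request, not just at login.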

