Re: The prefered 'login' procedure and redirect.

From: Chung Leong (chernyshevsky_at_hotmail.com)
Date: 03/25/05 

Date: Fri, 25 Mar 2005 02:15:16 -0500

"Simon" <spambucket@myoddweb.com> wrote in message
news:3af6kuF68kv59U1@individual.net...
> Hi,
>
> I have a Login.php page that logs the user in and out.
> I has two forms within the page, (depending on what we are trying to do),
> either one to log in or out.
>
> The form calls itself using a post method and either logs the user in our
> out given the information from the form.
> but every pages use sessions and cookies, if the user is successfully
logged
> in then the cookies and session values are updated, (as well as MySQL).
>
> Now it all works fine but I want to add some functionality where if the
user
> goes to a restricted page they are sent to the login page, and if the
login
> is successful then they will be sent back to the original restricted page.
>
> I can redirect the user from the restricted page to the login page, but
> returning to the restricted page after login is a problem as the headers
> have been sent already, (to do the login).
> Because the login uses sessions/cookies and tables I have to send the
> headers to do the login as I cannot login the user and then redirect them
to
> a page, (the redirect must be before sessions/cookies I believe.
>
> So what is the 'preferred way to redirect users after a successful login?

When a user access a restricted page and he/she is not logged in, redirect
him/her to the login page with the requested uri in the URL. The login page
writes the request uri in a hidden field along with fields for user name and
password. When authentication/authorization is successful, the post handling
code of the login page redirects to the request uri. If not, the login page
redirects to itself.

Redirect can happens after the session is set, since it's just an HTTP
header. There's no problem simultaneously setting a cookie and redirecting
the browser.

Relevant Pages

  • Re: Logged in - Session timeout
    ... You have that info in a session, and then simply send them to: ... take any querystring info with it that you may need.... ... Now the users times out and you redirect them to your login page, ...
    (microsoft.public.inetserver.asp.general)
  • Re: you are not logged in
    ... after your login, you again go back to the same page. ... user logs in what the code would do? ... you know these kind of sequences could arise. ... I would think you would keep track of whether the user was logged in in the session and when a function is called that requires the user to be logged you would check in the session if this was so and act accordingly. ...
    (comp.lang.java.programmer)
  • Re: Need to know when user logs in again.
    ... Why not do it in the Login page before you redirect after a successful ... Neither Session start nor that global.asax event are appropriate for this ... > I have a forms based authentication. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Page redirect
    ... The solution is simply save requested url in session and after user logged ... In my application, if someone enters url which requires login, am ... logging, i want to take the user to page from where he has been ... after logging, redirect user to questions/new ...
    (comp.lang.ruby)
  • Re: Session Management when launching "New" Window
    ... ASP.NET page creates a session object against our application ... session redirect to a different page rather than the login. ... redirect to a page with some javascript that checks if it's a child window ...
    (microsoft.public.dotnet.framework.aspnet)