handmade.network » Forums » Site Feedback » After login, go back to the page you were on
mrmixer
Simon Anciaux
172 posts
#10770 After login, go back to the page you were on
1 month, 2 weeks ago

For the moment, when you login you go back the the site home page. It would be great to go back to the thread you were on (and at the post #id), even if you failed to log in once.
Kelimion
Jeroen van Rijn
202 posts
3 projects

A big ball of Wibbly-Wobbly, Timey-Wimey _stuff_

#10772 After login, go back to the page you were on
1 month, 2 weeks ago

mrmixer:
For the moment, when you login you go back the the site home page. It would be great to go back to the thread you were on (and at the post #id), even if you failed to log in once.


The problem with that is that it can't be done in a trusted way, at least not in a very straightforward way.
The referrer header can't be trusted. Likewise, adding an /after/page-we-came-from param can be faked.

The session from before you log in and the session after you log in aren't necessarily the same session, and even then we'd have to trust the login form to tell us the referring page, which comes from the browser.

I'm not sure there would be any security implications if we did do just this, because even if you changed the 'and then go back to this page' param in the url, if you don't have permission to visit it after you logged in, it's still tough cookies. I'll have to ponder it. We'll come back to this in March when we pick up work on the backend again.

Thanks, Simon.
ratchetfreak
231 posts
#10775 After login, go back to the page you were on
1 month, 2 weeks ago

Kelimion:

I'm not sure there would be any security implications if we did do just this, because even if you changed the 'and then go back to this page' param in the url, if you don't have permission to visit it after you logged in, it's still tough cookies. I'll have to ponder it. We'll come back to this in March when we pick up work on the backend again.

Thanks, Simon.


Then the 2 options are show a 404/403 page or redirect to the main page/project main page
Kelimion
Jeroen van Rijn
202 posts
3 projects

A big ball of Wibbly-Wobbly, Timey-Wimey _stuff_

#10776 After login, go back to the page you were on
1 month, 2 weeks ago

ratchetfreak:
Kelimion:

I'm not sure there would be any security implications if we did do just this, because even if you changed the 'and then go back to this page' param in the url, if you don't have permission to visit it after you logged in, it's still tough cookies. I'll have to ponder it. We'll come back to this in March when we pick up work on the backend again.

Thanks, Simon.


Then the 2 options are show a 404/403 page or redirect to the main page/project main page


Well, yes, that's what I mean by "then it's tough cookies", for the implied visitor in question.