I am creating a website using Java servlets, and I have a page called LogIn. What I want to happen, is that once the user successfully fills out the login form, it returns them to the page that they were previously on.Now this works fine with a GET or a POST from another page, because the previous page is stored in the Referer header. But when I redirect (302) to the LogIn page (from a page that a user cannot access because they are not logged in), the Referer header is null.
90% accept rate
feedback
2 I wouldn't trust the referer header anyway since you're dependent on the browser whether it's been sent along. Rather supply it yourself based on the current request URI.response.sendRedirect("login?from=" + URLEncoder.encode(request.getRequestURI(), "UTF-8"));
and then in the login form<form action="login" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="hidden" name="from" value="${param.from}">
<input type="submit">
</form>
and then in the login actionUser user = userDAO.find(username, password);
if (user != null) {
session.setAttribute("user", user);
response.sendRedirect(request.getParameter("from"));
} else {
request.setAttribute("error", "Unknown login");
request.getRequestDispatcher("/WEB-INF/login.jsp").forward(request, response);
}
Update: or if you want to be parameter-less (as per your comment on other answer), (ab)use the session.session.setAttribute("from", request.getRequestURI());
response.sendRedirect("login");
and then in the login actionresponse.sendRedirect((String) session.getAttribute("from"));
session.removeAttribute("from");
Ok, so GET parametres really are the only way to do it? We are trying to make the URLs very short and meaningful, so unfortunately this means no GET parametres. – DanieL Jan 11 at 21:01 I already updated the answer a sec after I saw your comment on other answer. F5 your browser. – BalusC Jan 11 at 21:02 Ah yes, session abuse. I think I might already use that somewhere, so I might as well use it here too. Thanks!– DanieL Jan 11 at 21:26
feedback
1 You might want to just append the current page as a GET parameter ie http://yoursite.com/login?redir=/topics so that in your auth servlet, if the user doesn't have the appropriate credentials, just take the current uri, append to the login url and redirect.
Yes, that is possible, but with this particular site, we are trying to make the URLs very short and meaningful, so unfortunately this means no GET parametres. – DanieL Jan 11 at 20:55 Could you perhaps look at dropping a cookie or storing the vals in session? I don't like the solution, personally, but is plausible. – Ryan Jan 11 at 21:00 Yea, I think I might already use that somewhere, so quite a plausible solution. Thanks! – DanieL Jan 11 at 21:26
feedback
I am creating a website using Java servlets, and I have a page called LogIn. What I want to happen, is that once the user successfully fills out the login form, it returns them to the page that they were previously on. Now this works fine with a GET or a POST from another page, because the previous page is stored in the Referer header. But when I redirect (302) to the LogIn page (from a page that a user cannot access because they are not logged in), the Referer header is null.
| |||
feedback |
2 | I wouldn't trust the referer header anyway since you're dependent on the browser whether it's been sent along. Rather supply it yourself based on the current request URI. and then in the login form and then in the login action Update: or if you want to be parameter-less (as per your comment on other answer), (ab)use the session. and then in the login action | ||||||
feedback |
1 | You might want to just append the current page as a GET parameter ie http://yoursite.com/login?redir=/topics so that in your auth servlet, if the user doesn't have the appropriate credentials, just take the current uri, append to the login url and redirect. | ||||||
feedback |
