| Issue 13: | If browser does not send referrer, some login links do not send user back to origin | |
| 1 person starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
Browsers can, for security purposes, be set to withhold the referrer URL. Many of our links to log in do not include the destination path in their login link, which causes non-referring browsers to never get sent back to their origin. To fix this, we should try to always include a destination URL when constructing links to log in. Perhaps we could deprecate the use of the http referrer (trigger an error when no dest_page is available, perhaps). |
||||||||||||||
,
Sep 29, 2009
Do we have any indication of how common this is? While including the destination URL seems like the best practice, this seems like one that could take a while to clean up with a small payoff. |
|||||||||||||||
,
Sep 30, 2009
It might at least make sense to create a method that returns the full url of the login page, with the destination URL properly included and encoded, and to start using it as the proper approach going forward. Hopefully that way we won't perpetuate old habits even if we can't fix up all the code right away. |
|||||||||||||||
 Sign in to add a comment
|
|||||||||||||||
