ljamison has asked for the wisdom of the Perl Monks concerning the following question:

Hail Monks!

I've come across a CGI problem which Google has completely failed to assist with.

I'm successfully able to capture the referring page for page-to-page navigation without a problem. However, if a user attempts to login and the login fails, then $ENV{'HTTP_REFERER'} winds up being set to the login script instead of the referring page.

To illustrate:

# If a user goes from the homepage 'index.pl' to 'search.pl'
$ENV{'HTTP_REFERER'} =~ /index.pl/;

# From 'search.pl', a user clicks on the link to login via 'login.pl'
$ENV{'HTTP_REFERER'} =~ /search.pl/;

# If the user logs in SUCCESSFULLY they are redirected
# back to 'search.pl'
#
# However, if the user types an incorrect password,
# $ENV{'HTTP_REFERER'} matches
# $ENV{'HTTP_REFERER'} =~ /login.pl/ instead of retaining the
# intended $ENV{'HTTP_REFERER'} =~ /search.pl/

[download]

So far I have not been able to find any way to force $ENV{'HTTP_REFERER'} to keep 'search.pl' on failed login. Please advise! Thank you!

Replies are listed 'Best First'.
Re: $ENV{'HTTP_REFERER'} problems on failed login in CGI
by Corion (Patriarch) on Aug 31, 2016 at 13:44 UTC

    For a failed login, the browser actually makes two HTTP requests, so $ENV{'HTTP_REFERER'} is actually correct.

    You should not use $ENV{'HTTP_REFERER'} for anything serious, as it can be unavailable (if HTTPS is used as protocol) or misleading.

    I recommend saving the next page to use when displaying the login screen as an additional parameter of the URL. Also, make sure that you will only ever be redirecting to an URL on the same host instead of URLs outside.

    Most likely, /search.pl will want to redirect the user to /login.pl?return_to=/search.pl and redirect the user from the login page to /search.pl.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom