HTTP_REFERER can't really be trusted, as it's input, and so should be considered tainted. Some browsers don't populate it at all (for security reasons), or selectively populate it (browsers aren't supposed to populate it if they follow a link from HTTPS to HTTP).
I also wouldn't suggest going with a session approach, as the user may spawn multiple windows, and so the last page they visited in that session may not be the last session in that window.
I think a breadcrumb approach is good, and just tell the user to click on it.
Or you can do another potentially bad thing, and confuse the hell out of your visitors:
# The blank line after the Content-type header ends the CGI header block.
print <<EOF;
Content-type: text/html

<html><head><title>Go Away!</title></head>
<body onload='history.go(-1);'></body></html>
EOF
Typically, if I have a page that is going to need to send someone back to where they came from, I'll do like tlm suggested, and send the location they came from in a hidden field (e.g., if they trigger a page that needs authentication, I'll pass them to the authentication page, but keep track of where they tried visiting, so that after they authenticate, I can send them back to where they were trying to go).
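An added example, not part of the original post: the hidden-field approach described above, written with CGI.pm and treating the field as the same kind of tainted input as HTTP_REFERER. The field name `return_to`, the `/login` action and the sub names are assumptions for illustration, and CGI.pm is assumed to be installed.

```perl
use strict;
use warnings;
use CGI ();

# The return location travels through the browser in a hidden field, so it is
# tainted input just like HTTP_REFERER. Accept only a path on this site.
sub safe_return_path {
    my ($candidate) = @_;
    return '/' unless defined $candidate && length $candidate;
    return '/' if $candidate =~ /[\x00-\x20\x7f\\]/;  # CR/LF, other control chars, spaces, backslashes
    return '/' unless $candidate =~ m{\A/(?!/)};      # one leading "/": no scheme, no "//host"
    return $candidate;
}

# Login form that carries the validated, HTML-escaped return location along.
sub login_form {
    my ($return_to) = @_;
    my $value = CGI::escapeHTML(safe_return_path($return_to));
    return <<"EOF";
<form method="post" action="/login">
<input type="hidden" name="return_to" value="$value">
<input type="text" name="user"> <input type="password" name="pass">
<input type="submit" value="Log in">
</form>
EOF
}

# Response to send once the credentials have been verified: re-validate the
# field as submitted, because the browser may have changed it.
sub redirect_after_login {
    my ($q) = @_;
    my $target = safe_return_path(scalar $q->param('return_to'));
    return $q->redirect(-uri => $target, -status => '303 See Other');
}

# Constructed sample values (not from the original post).
for my $sample ('/reports/2024?page=3', 'https://other.example/', '//other.example/x', '/a\\b') {
    my $q = CGI->new({ return_to => $sample });
    printf "%-24s => %s", $sample, redirect_after_login($q);
}
print login_form('/reports/2024?page=3');
```

Run from the command line, it prints the redirect response for each sample; only the first sample keeps its path, and the other three fall back to `/`.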