Confusing About This Cookies in Redirecting System


I would not use cookies at all.

Method 1

A possible way could be to store the link visited into a session variable and then when the user reaches the login.php page, provide a header redirect to $url given by the session variable.

Paste this code into all your pages on your website or the main container.

<?php
session_start();
$_SESSION['url'] = $_SERVER['REQUEST_URI'];

For the login page you can have:

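<?php
session_start(); // needed for sessions.
if (isset($_SESSION['url'])) {
    $url = $_SESSION['url']; // holds url for last page visited.
} else {
    $url = "student_account.php";
}

// REQUEST_URI already begins with "/", so strip it to avoid "example.com//page".
header("Location: http://example.com/" . ltrim($url, '/'));
exit();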

Method 2

A simpler solution by far is simply to have:

<input type="hidden" name="redirurl" value="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER'] ?? '', ENT_QUOTES); ?>" />

Then redirect to that address once they log in.

However, this is only good if you have a login box on every page.

$_SERVER['REQUEST_URI'] will simply hold the current page. What you want to do is use $_SERVER['HTTP_REFERER'].
So save the HTTP_REFERER in a hidden element on your form, but also take note that in the PHP that processes the form you will need some logic that redirects back to the login page if login fails, and that also checks that the referer is actually your website; if it isn't, then redirect back to the homepage.

Method 3

Another common way to do this is to pass the user's current page to the Login form via a $_GET variable.

Change your script so that it also tells the login page to remember where you are:

Note: $_SERVER['REQUEST_URI'] is your current page

header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));

Now check if it is populated, then send the user to this:
login.php

echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
echo htmlspecialchars($_GET['location']);
}
echo '" />';
// Will show something like this:
// <input type="hidden" name="location" value="previousPage.php" />

login-check.php

session_start();

// Our URL is now stored as $_POST['location'] (posted from login.php). If it's blank, ignore it. Otherwise, use it.
$redirect = NULL;
if (isset($_POST['location']) && $_POST['location'] != '') {
    $redirect = $_POST['location'];
}

// $username and $password are assumed to have been read from the login form before this point.
if ((empty($username) OR empty($password)) AND !isset($_SESSION['id_login'])) {
    $url = 'login.php?p=1';
    // if we have a redirect URL, pass it back to login.php so we don't forget it
    if (isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
    header("Location: " . $url);
    exit();
}
elseif (!user_exists($username, $password) AND !isset($_SESSION['id_login'])) {
    $url = 'login.php?p=2';
    if (isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
    header("Location: " . $url);
    exit();
}
elseif (isset($_SESSION['id_login'])) {
    // if login is successful and there is a redirect address, send the user directly there
    // ($redirect comes from the request; restrict it to a path on this site before using it)
    if ($redirect) {
        header("Location: " . $redirect);
    } else {
        header("Location: login.php?p=3");
    }
    exit();
}
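
The login-check.php code above redirects to whatever arrives in $_POST['location'], and Method 2 already notes that the target should be checked to be your own website. The following is an added example, not part of the original answer, of restricting that value to a same-site path before it reaches header(); safe_redirect_target() is a hypothetical helper name and the default path is an assumption taken from Method 1.

```php
<?php
// Added example (not from the original answer). safe_redirect_target() is a
// hypothetical helper; the default path is the one used in Method 1.

function safe_redirect_target(?string $candidate, string $default = '/student_account.php'): string
{
    if ($candidate === null || $candidate === '') {
        return $default;
    }
    // Control characters (CR, LF, tab, NUL) never belong in a redirect target;
    // browsers strip some of them, which would change how the value parses.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }
    // Accept only a path on this site: exactly one leading "/". A second "/"
    // or a "\" after it is read by browsers as the start of another host.
    if ($candidate[0] !== '/' || preg_match('#^/[/\\\\]#', $candidate)) {
        return $default;
    }
    // Belt and braces: the parsed value must carry no scheme, host or user.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host']) || isset($parts['user'])) {
        return $default;
    }
    return $candidate;
}

// Constructed sample values, as they could arrive in $_POST['location'].
$samples = [
    '/previousPage.php?id=7',          // same-site path: kept
    '',                                // blank: default
    'https://other.example/login',     // absolute URL: default
    '//other.example/login',           // scheme-relative URL: default
    '/\\other.example/login',          // backslash variant: default
    "/previousPage.php\r\nX-Test: 1",  // embedded CR/LF: default
];

foreach ($samples as $value) {
    printf("%-34s => %s\n", json_encode($value), safe_redirect_target($value));
}

// In login-check.php the successful-login branch would then read:
//   header('Location: ' . safe_redirect_target($_POST['location'] ?? null));
//   exit();
```

Because $_SERVER['REQUEST_URI'] always begins with "/", values produced by Method 3 pass this check unchanged; anything else falls back to the default page.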

PDFjs ERR_TOO_MANY_REDIRECTS Request.Cookies

You can try to use the following four methods to solve this error:

  • Test with other browsers

You can try visiting the same URL using other browsers. If the error still persists, the issue may come from the server side. You may need to log on to the website at another time. If the error doesn’t appear on a new browser, try the methods below to fix issues on your original browser.

  • Clear your browser data

Browser data like browsing history, cache, cookies, etc. can contain faulty files that cause the ERR_TOO_MANY_REDIRECTS error. Once the browser data are cleared, you can try logging in to the website and see if the error is gone.

  • Check your browser extensions

You can open the extension manager in your browser to check the extensions you have installed and disable all of them to see if this fixes the problem. If it does, you can enable one extension at a time to identify the one that causes the trouble.

  • Correct your system date and time

Usually you meet the ERR_TOO_MANY_REDIRECTS error due to the incorrect or outdated date and time settings on your system. To correct your system date and time.

For more information about this error, you can refer to this link: ERR_TOO_MANY_REDIRECTS

Confusion with cookie session token and oauth2.0 don't know where to go anymore

The configuration instructions for that scenario are detailed in the documentation. Here is the link: http://facebooksdk.codeplex.com/wikipage?title=ASP.NET%20MVC%20Sample&referringTitle=Documentation

For the authentication in an iFrame app you don't have to use the Javascript SDK (although you will have to use it if you are using any XFBML). All you have to do is redirect the user to the login url. We have three samples that will help you get started. The samples are CS MVC, VB WebForms, and CS WebForms.

Cookie Confusion with FormsAuthentication.SetAuthCookie() Method

The parameter timeout you've found in /system.web/authentication/forms is the timeout (in minutes) of the duration of the authentication ticket.

This means that after a certain amount of time of inactivity, a user is prompted to login again. If you try to check this My.Profile.Current.IsAuthenticated it will be false.

You can choose not to persist the cookie. In this situation if your ticket expires, your cookie expires too. The cookie (in case it is persisted) has the purpose of remembering the user if he/she comes back to your site.

You might want to persist your cookie for 10 years so the user will never have to insert username and password again, unless they've chosen to delete the cookie. The cookie is valid even if the browser is closed (when it is persisted).

Another important thing to remember is the parameter slidingExpiration:

<authentication mode="Forms">
<forms loginUrl="~/Partner/LogOn" defaultUrl="~/Home/Index"
timeout="30" slidingExpiration="true" />
</authentication>

If it's true, your authentication ticket will be renewed every time there's activity on your site: refresh of the page etc.

What you can do - and what I've done - is to write your own cookie like this:

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
    1,                           // version
    userName,                    // user name
    DateTime.Now,                // creation
    DateTime.Now.AddMinutes(30), // expiration (you can set it to 1 month)
    true,                        // persistent
    userData);                   // additional information

Update

I've implemented this routine cause I want to store my groups in an encrypted cookie:

Dim authTicket As System.Web.Security.FormsAuthenticationTicket = _
    New System.Web.Security.FormsAuthenticationTicket( _
        1, _
        UserName, _
        Now, _
        Now.AddYears(100), _
        createPersistentCookie, _
        UserData)

Dim encryptedTicket As String = System.Web.Security.FormsAuthentication.Encrypt(authTicket)

Dim authCookie As HttpCookie = New HttpCookie( _
    System.Web.Security.FormsAuthentication.FormsCookieName, _
    encryptedTicket)

If (createPersistentCookie) Then
    authCookie.Expires = authTicket.Expiration
End If

Response.Cookies.Add(authCookie)

As you can see I've set the expiration of the authentication cookie and the authentication ticket with the same timeout (only when persisted).

Another thing that I've tried is to store username and password in the encrypted cookie.
Every time a masterpage is loaded I check My.Profile.Current.IsAuthenticated to see if the authentication is still valid. If not I read the cookie again, get the username and password, and check it on the DB:

Public Function ReadCookieAuthentication(ByVal Context As System.Web.HttpContext) As Security.CookieAuth

    Dim CookieUserData = New Security.CookieAuth()

    Dim cookieName As String = System.Web.Security.FormsAuthentication.FormsCookieName
    Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)

    If (Not (authCookie Is Nothing)) Then
        Dim authTicket As System.Web.Security.FormsAuthenticationTicket = Nothing
        Try
            authTicket = System.Web.Security.FormsAuthentication.Decrypt(authCookie.Value)
            If (Not (authTicket Is Nothing)) Then
                If (authTicket.UserData IsNot Nothing) AndAlso Not String.IsNullOrEmpty(authTicket.UserData) Then
                    CookieUserData = New JavaScriptSerializer().Deserialize(Of Security.CookieAuth)(authTicket.UserData.ToString)
                End If
                CookieUserData.UserName = authTicket.Name
            End If
        Catch ex As Exception
            ' Do nothing.
        End Try
    End If

    Return (CookieUserData)

End Function

Security.CookieAuth is an object I've created to return username and password.

CookieUserData is the storage (I save in json format) where I put my password and groups.

Redirect if cookie is null

Why are you checking for user!="" && user!= null in the else block? The user variable is guaranteed to be empty when code enters this block. This is why window.location.replace isn't executing and the reason why it's not redirecting.

function setCookie(cname, cvalue, exdays) {
    var d = new Date();
    d.setTime(d.getTime() + (exdays*24*60*60*1000));
    var expires = "expires="+d.toUTCString();
    document.cookie = cname + "=" + cvalue + "; " + expires;
}

// getCookie() is not shown in this answer; it is assumed to be defined elsewhere on the page.
function checkCookie() {
    var user=getCookie("username");
    if (user != "") {
        alert("Cookie Set: " + user);
    } else {
        //user = prompt("Please enter your name:","");
        setCookie("username", "value", 1);
        window.location.replace("http://stackoverflow.com");
    }
}

How to get HttpWebRequest.AllowAutoRedirect to set the cookies when doing a GET/POST on the redirected page?

I know to make separate requests (i.e. different HttpRequest objects) work with cookies, you need to set the HttpRequest.CookieContainer property on both requests to the same instance of a CookieContainer. You might need that for this case as well.


