Is there anything wrong with storing the "current_url()" function in a session variable for login return url?

Is there anything wrong with storing the "current_url()" function in a session variable for login return url?

El Forum
Guest

04-24-2011, 06:23 PM

[eluser]oppenheimer[/eluser]
I don't see any risk as long as controllers check for authorization.

Also, have you tested all the various conditions like:
<ul><li>Failed login attempt</li>
<li>Successful login attempt</li>
<li>User visits several pages then logins</li>
<li>User goes to login page first and then logins</li>
<li>The lastlogin page is changed by the user to a different page</li>
</ul>

Messages In This Thread

Is there anything wrong with storing the "current_url()" function in a session variable for login return url? - by El Forum - 04-24-2011, 02:27 AM

Is there anything wrong with storing the "current_url()" function in a session variable for login return url? - by El Forum - 04-24-2011, 06:23 PM

Is there anything wrong with storing the "current_url()" function in a session variable for login return url? - by El Forum - 04-24-2011, 09:57 PM

Is there anything wrong with storing the "current_url()" function in a session variable for login return url? - by El Forum - 04-25-2011, 09:18 AM