Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Redirect user to previous page after logging in

4:48 pm on Sep 16, 2009 (gmt 0)

5+ Year Member

My log-in script currently directs all users to account.php after logging in.

For convenience of the user I would like to redirect them to the page that prompted them to log-in.

Currently I am using $referer = $_SERVER['HTTP_REFERER']; to get the refering page and then I'm using a header redirect to send them back header("Location:$referer");

The problem:

When pressing submit $referer equals the current log-in page.


$referer = domain.com/previouspage.html
*click - login*
$referer = domain.com/login.html

8:06 pm on Sep 16, 2009 (gmt 0)

5+ Year Member

Well, in this case you will want to hardcode your referer. One way is to use a session variable to store the page where the user visits - except in the login page. Then it's just a matter of calling the variable in your header function.
9:18 pm on Sep 16, 2009 (gmt 0)

5+ Year Member

Hi d40sithui thanks for your help, I just did a quick search and this is what I came up with.

Hows this sound? Am I on the right track?

$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];

$referer = $_SESSION['referer'];

and then:

I can't test it right now, will do so in the morning.

11:09 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

You don't want to disturb it if it is already set:

if (!isset($_SESSION['referer']) {
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];

But what if they are suppressing the referrer using browser options? Maybe ...

Links to login page (login.html):

login.html?referer=<?echo $_SERVER['SCRIPT_NAME']?>


if (!isset($_SESSION['referer']) {
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
else {
if (isset($_GET['referer'])) {
$_SESSION['referer'] = htmlspecialchars($_GET['referer']);
else {
$_SESSION['referer'] = "account.php";

BIG danger exposed by letting a $_GET parameter redirect a page, but since it is not persistent and only affects the one visitor, if they break it, they bought it. No harm done. Just make sure you test the parameter's value before you use it. I used htmlspecialchars() to do that in this example.

NOTE: I have included .html files in my PHP parsing by adding that extension to php.ini (or httpd.conf or wherever your MIME settings live). That's why I can use PHP on .html pages. The overhead of parsing all pages through the PHP engine is tiny, and I have never run into resource issues as a result of setting up a server this way. If you choose not to do that, then you would only be able to include PHP instructions on .php pages. Adjust to taste.

3:04 am on Sep 19, 2009 (gmt 0)

5+ Year Member

I was actually thinking of NOT using $_SERVER['HTTP_REFERER'] in the first place. Rather, use $_SERVER['PHP_SELF'] to get your current script name. On each page you would reassign $_SESSION['referer']=$_SERVER['PHP_SELF'] unless it is the login script.

Featured Threads

Hot Threads This Week

Hot Threads This Month