Wanted to quickly touch on a UI design, or rather, lack there of, that I encounter often enough on websites which can be really annoying. Say you get to a website that you’re a member of and the link you click on requires you to be a member and login… and you do (login)… and conveniently enough, you’re taken to some main account screen – not the page you were looking for (where that links goes).
Now a little tip for users, most websites use sessions to keep you logged in, and in most cases you can use your browser’s back button to go back to the original page you requested before it redirected you and refresh that page, and you’re there. But it shouldn’t have to be that way. If you’re a developer, you need to think ahead in your coding and login script. You’ll need to implement some way of redirecting the user to the protected page that they originally requested after they login. This is easier said than done sometimes, especially if your script is already written.
Some extra tools to use here if you’re in a tight spot for coding: Cookies and Header Redirects. Let’s say you’re script is already written… it looks something like this:
- Person clicks on link to a protected page on the site, requesting the protected page
- You have some code that either forwards them to a login page or displays a login page
- The login and it automatically goes to/displays a main account page.
It can be tough to implement and carry variables over these pages and between files, so storing and passing the initially requested URL can be difficult. Although, using Cookies can work pretty well. The basic idea is to interrupt the second step. When the code is forwarding them to a login page/content, it’ll first check to see what the URL is and store it as a Cookie variable. Then when they are logging in, before it sends them off to the main account page, we can check that Cookie to see if it’s set and what’s in there. It would be smart to compare that value to an array of allowed values and forward them to the necessary page/content afterwards, if it matches something in your control array. To store that URL, I would use a regular expression to grab the page name and since it’s likely that some of your protected pages will have GET vars attached, take those variables and store them in a separate cookie, later appending them if the page matches what’s in your control array. You shouldn’t really need to deal with POST variables between a non-protected and a protected requested URL.
