S. Brown
|
| Posted: 02/05/2002, 10:22 PM |
|
Noticed that when a page is selected that requires authentication, the LOGIN page is correctly called; however, the ?Query parameters (to remember which page called the Login I guess) are passed in the address bar of the browser.
Is there a way to override this information being dispalyed to users?
|
|
|
 |
Andrew B
|
| Posted: 02/05/2002, 11:42 PM |
|
I don't think so. Stuff like this can not be easily hidden. The only way would probably be to either stick it in the session, or to have the login look at the http_referer. http_ref would need to be mangled somehow.
The question i have is, if the user typed this page in, don't they already know what it is? If so, what is the point of hiding this information from them.
You would still have to show it, but you could use some type of encryption and continue to pass it in the url, decrypting it at the other end. In this case, though, it still gets stuck in a form var. when they fail the login test. This is pointless once again, since they obviously already know the page name.
|
|
|
|
|
