How do you pass in a redirect URL into a mod_rewritten page

Question

I mod_rewrite my pages very similar to how SO does it. I have www.example.com/users/login/ which will internally use users.login.php which acts as a controller. I want to pass in a parameter as a page to redirect to once the login is complete.

If you pass in a relative URL you end up with a very peculiar looking URL because you are passing in something like questions/ which looks like users/login/questions/ instead of login.php?redir=questions.php

Does anyone have any comments or solutions for how this can be worked out nicely without polluting the URL horribly? I think the way SO handled it was to put the login form ON the "Ask Question" page. I suppose that is a solution but I'm looking for other possibilities.

Edit: It seems like using $_SERVER['HTTP_REFERER'] is the best solution so far. Is there any reason not to use it? I realize you can fake the referer but will that actually cause any damages?

Answer 1

I use hidden field in the login form that contains the url and it works for me. you can try that too.

1. create hidden input field.
2. set the value of the input field to $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''; $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
3. get posted url and redirect user to that url.

Note: HTTP_REFERER is not always set.

Answer 2

Best practice for storing a previous page visted is to use the $_SESSION global. Using HTTP_REFERER for anything besides statistics is asking for user abuse since you can easily fake a referer.

Check out this link about storing multiple session IDs in a cookie. http://bytes.com/groups/php/7630-handling-multiple-sessions

Answer 3

Why don't you use a URL like /users/login/?r=/questions/ ? Or if you don't want to use the URL to take the return address along, you could use the HTTP referrer.