[thelist] When should you redirect? (was site redirect check)

.jeff jeff at members.evolt.org
Fri Jun 8 13:22:51 CDT 2001


: From: Luther, Ron
: I'll agree that moved content is a good reason
: for a redirect, I think there are some other
: valid functional uses as well.

sure, but it depends on whether the redirect is done client-side or

: * After the user clicks a 'log out' link, they
:   get a 'thank you' page ... and then (after a
:   few seconds) a redirect to the main menu.

or better yet, the logout link logs them out and displays the login page
with the thank you message as well.

: * After form submission containing sensitive
:   information.  For users on public | shared
:   machines - they wouldn't want the next user
:   to back into their form and cc information.

a server-side redirect doesn't prevent the use of the back button to view
the order input screen.  however, if that process is session based, then you
could kill the session when displaying the receipt page.  make sure to mark
each page in the input process to be expired so it'll always pull the page
from the server instead of caching.  then, if they back up in the process
and the session has been destroyed you can display the first page of the
process (without any user specific data) and not the actual content one page
back that might contain user specific data.

a client-side redirect isn't reliable enough to count on that protecting the
user's data.

where the redirect is important is in the actual data collection stage.
when you're done collecting the data from a form post, issue a server-side
redirect.  this keeps the user from submitting the data a second time by
refreshing the page.

something to think about,


jeff at members.evolt.org

More information about the thelist mailing list