[thesite] question for whoever coded the logout process
rudy
r937 at interlog.com
Fri May 4 18:35:26 CDT 2001
regarding this url --
http://evolt.org/logout/index.html?http_referer=section%3Darticle%26subsection%3Dview%26params%3D20%2C2321&cfid=614457&cftoken=23500070
this is the url of the page i ended up on after logging out, or at least
that's what i assume it is, after noticing it in my history file
(don't ask me why i logged out, i just did)
so i'm guessing this is the url that the logout link "sends you to" (the
target of the form action)
to log somebody out, don't you just delete their session id based on
looking it up using cfid and cftoken? at least that's what i remember from
session ids, although i'm not too clear on how they are looked up or
deleted
what's the purpose of the referer?
is this being logged somewhere for analysis purposes? (curious as to what
difference it would make knowing that)
is it maybe vetted against the last page the user requested? (interesting
security feature)
is it used to re-direct them back to the page that requested the logout?
(why not send them to a generic "bye now" page?)
confused in canada