I have a PHP / Javascript page that automatically logs a user into different systems from one log on. These are external sites and all works good except when the user hits the back button. It then redirects them right back where they came from.
I'm looking to have it redirect back to my main website and avoid getting stuck in this redirect nightmare. So I tried document.referrer, but that only seems to grab the current page I'm on and not the referred site. Am I wrong or can this not be done like this?
function myfunc () {
var frm = document.getElementById("loggedin1");
if(document.referrer != 'https://someurl') {
alert(document.referrer);//Just used to see output
frm.submit();
}
}
window.onload = myfunc;
If I could get it to function I would add an else in there and have it going back to my website.
Thanks!
It sounds like you are trying to go back to a previous page, that is not within the website of the page you're on?
A few points:
1) document.referrer will only work if the person got to the current page through a link, or clicking something.... not if they were redirected through other means.
2) Due to browser security implementations, you will not be able to access the javascript history for other sites. So if you go from your site, site A, to site B for a login, you will not be able to access the site A history from site B.
If you need to take them back to the previous page they were on on your site, can you use an iframe to load the external page? that way they'll never leave your site? Or maybe a window popup?
If what you are trying to accomplish is site logins, have you looked into the available apis? Sites like facebooks have apis for allowing logging in on your site through theirs.
Cheers!
Related
Let's say an external site has a redirection page before actually moving to the internal site when user clicks the link.
This internal site only has a button that will let you go back using
History.back() or .go(-x). I can only do changes on the internal site.
What's happening here is that we now have a "loop" that redirects to the external redirection page using history.back(), and then the user will be redirected once again to the internal site.
Flow:
External site -> user clicks on internal site link -> external site sends user to external redirection page -> user redirects to visit the internal site -> user click history.back button -> user get redirected to external redirection page -> user redirects to visit the internal site again
I basically do not want the user to end up at the internal site after users clicks the history.back button.
I thought about saving page visit in localstorage, so that if it gets redirected back to the internal site again it will instead do history.go(-2).
I am also aware of https://developer.mozilla.org/en-US/docs/Web/API/Document/referrer document.referrer, but that will also degrade the UX since the user gets redirected back and forth at least once.
The only solution I could think of is having a query parameter upon visiting the internal site someurl.com/?redirects=2, so that we could do history.go(-redirects). However, that requires the external site to decide how many redirects it has.
Is it possible to know if user comes from a redirection page from the external site? Is there a way so that we can skip the external redirection page and just go straight to the external page?
window.location.replace is there for exactly the same requirement, please refer https://developer.mozilla.org/en-US/docs/Web/API/Location/replace
Assuming that the external rediection page contains only the logic for rediection and no content, they should have used location.replace for redirection to have a clean state of history.
I know that you do not have control over external site but I just wanted to help in case you can ask someone to make changes there :)
I came up with a solution to the problem, but my approach does use document.referrer.
Regarding UX degradation when using document.referrer, it should be barely noticeable as long as your clientside code is optimized.
Also, you might be interested to read this MDN Article.
My solution approach is attached here:
const isExternalURL = (url) => new URL(url).origin !== location.origin;
function checkExternalURL() {
const referrerPage = document.referrer;
if (referrerPage == undefined) return false;
return isExternalURL(referrerPage);
}
if (checkExternalURL()) {
console.log("External URL Detected");
} else {
console.log("Internal URL Detected");
}
I have an area on my site, where user can login directly with a secret link. He then is been redirected through my framework to the final view.
Now when the session dies, and the user reloads, I need to point the actual reload to the initial secret link (which the frontend knows) to get a new session and avoid the login-screen.
I tried:
<script type="text/javascript">
$(document).ready(function() {
window.onbeforeunload = function() {
// on reload: redirect to direct-login url, to ignore dead session
window.onbeforeunload = false;
window.location.href=$('base').attr('href') + '/users/directLogin/<?=$_SESSION['Auth']['User']['secret_token']?>';
}
});
</script>
From this code I'd expect to reload another URL when the user triggers page-refresh, but it keeps reloading the same url as is.
To point out the problem: If the user keeps on that final page when refreshing with a dead session, he will be thrown back to a login screen. To avoid this and give a feeling of "out-of-the-box-area" while inside the box, this concept is what I came up.
EDIT:
This approach is not possible. To anyone having a similar concept to achieve: A synchronous ajax would prevent the page from reloading, until the ajax finished. This way you could easily generate a session before reloading. You may consider yourself if this is a good solution for your project. It fit mines but someone might say this is evil.
Now i need to get source page url when i navigate any page under specific domain i tried this jquery code
$(document).ready(function() {
var referrer = document.referrer;
});
but i get the previous url page but i want to get the main link that open my domain for example i searched about my website from google then i open my website from google then i navigate any page under my domain ..... i want to get in any page that i come from google ..by the way my website is PHP.... can i make some thing like that ?!
On the server side, you can use $_SERVER['HTTP_REFERER'] to get the referrer.
Now when the user links (or submits) from one page to the next in your website, but you still want the website they originally came from instead of the page they just were on, you should remember the original referrer in some way, for instance by storing it in a session variable. Something like this:
$ref = $_SERVER['HTTP_REFERER']; // Get referrer
if (!$ref.strpos($_SERVER['HTTP_HOST'])) // It's not from the same domain?
$_SESSION['originalreferrer'] = $ref; // Nope, store in session
Then you will have $_SESSION['originalreferrer'] as the original referrer, as long as you include this code in each of your pages that may serve as a landing page from outside.
Some users repeatedly run into a very mysterious problem when using my web application.
In the middle of using it, they'll click a button or link that takes them to another page, but there will be a "page not found" error, because the URL is something like:
http://www.correctwebsitename.com/undefined
I thought it might be a javascript bug in my app: a redirect done by choosing a page name (maybe with some parameters) where one of the values is bad, resulting in the page name = "undefined". But there is no such code in my app anywhere, and this happens on many different pages, seemingly at random.
The one thing that seems to make it happen more often is if the user logged in originally by clicking a link in an email message in gmail. But a user who cut and pasted the link URL into a browser window said it still happened. Googling around reveals some hints that some kind of Google redirecting or caching is happening behind the scenes.
Any ideas?
Edit:
I'm not getting responses from anyone familiar with how gmail links etc work, does anyone know what SO tags google experts "hang around in"?
Edit 2:
Awarding bounty to top answer for useful info and temporary workaround idea, but still interested in real solution to the problem, so not accepting workaround as solution.
I believe you are right about gmail doing something with the links. See the gmail image below:
Non-standard header fields are conventionally marked by prefixing the field name with X-
Its probably behaving like... oh well, Google, and inspecting everything.
To stop google search from tracking my clicks i had to create a userscript to rewrite one of their functions:
rwt = function(){};
Maybe you can try something similar for gmail.
What is rwt?
rwt() is a javascript function from google search that rewrites the links to track which site you have visited.
for example, searching for "greasemonkey" showed the mozilla addons page as the first result. clicking on it opened
https://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCUQFjAA&url=https%3A%2F%2Faddons.mozilla.org%2Fpt-BR%2Ffirefox%2Faddon%2Fgreasemonkey%2F&ei=iWNtUIXjIoyQ8wTxv4DQAQ&usg=AFQjCNEO9EJcHp9rAmKyD_XZF2Bt6hs_YQ&sig2=P19xVUsD-Q1G_9AiUBP3PQ
and then redirected to
https://addons.mozilla.org/pt-BR/firefox/addon/greasemonkey/
The image above and the rwt() case is just to show you that there is a great chance that gmail is changing the links, so this could be related to your problem.
Since there is nothing you can do at gmail's side, maybe you could fix it on your server, by redirecting http://www.correctwebsitename.com/undefined to http://www.correctwebsitename.com or any other page that you'd like your users to see.
So, be it from gmail or any other referer, every time a client lands on http://www.correctwebsitename.com/undefined redirect him to another page.
so maybe I can figure out how to just send them back to the page they
came from
ASP
if not request.UrlReferrer is nothing then
response.redirect (request.UrlReferrer.tostring)
end if
JS (for this to work, you would have to actually create a page called undefined)
if (window.location.href.toLowerCase().indexOf('undefined') > -1) {
// this works
window.location.href = document.referrer;
// this works too (uncomment to enable)
// history.back();
}
remember that if the user directly typed the url or used the link from favorites there wont be no referrer
I would suggest you to check the below things in your application.
Is there any code in your application, apart from what you own ?
there can be injected code by third party applications, like for ex "AddThis" adds an extra #parameter to your url sometimes, in your case its clear that a javascript is trying to playaround with the location.href as "undefined" is something which many js developers will come across.
by adding an # will help do cross site communication, some bug might also be causing an issue here.
Do a complete search in your code for "location.href" and see if you have used it anywhere.
Sometimes third party addons on the browser too might cause this issue
hope these would help you narrow down to your problem.
if you are not able to trace out the issue anywhere, i would suggest you to override 404 functionality on your webserver and implement the solution using Referrer.
If my Facebook canvas page is pointing to mydomain.com, and if a user goes directly to mydomain.com, how do I make the site show up on the Facebook canvas page? Basically, I want my website to always load on the Facebook canvas. If I just do a redirect to apps.facebook.com/mydomain, I think it gets into an infinite loop because the Facebook canvas is trying to load mydomain.com.
Check for the referrer in the HTTP request header, and base your logic on that. That being said, I don't know that redirecting your entire site to Facebook is a good solution to your problem.
A better solution would be to host the Facebook app portions on a separate page or domain, and link to it from your frontpage.
You can do it client side in javascript. Check if the page is currently opened inside an iframe, if it's not the case you are not inside facebook and should execute a redirect:
if(window.parent === window) do the redirect
You could find a way to implement it serverside, but, unless facebook is passing some specific parameters when loading, probably you will need to rely on the HTTP_REFERER parameter and the browsers will not send it always.
If your app is being loaded within Facebook, the page will be POSTed to, and the POST data will contain a signed_request field. This can be used on the server to discover if the user is accessing the app correctly - how you persist this information across navigation within the iframe is up to you.
Client side you can check window !== top, and /canvas/.test(window.name).
I found this on another question and use it in my own script:
<script type="text/javascript">
function NotInFacebookFrame() {
return top === self;
}
function ReferrerIsFacebookApp() {
if(document.referrer) {
return document.referrer.indexOf("apps.facebook.com") != -1;
}
return false;
}
if (NotInFacebookFrame()) {
top.location.replace("https://apps.facebook.com/YOUR_APP_NAMESPACE");
}
</script>
This checks if they are currently in the Facebook frame and *ONLY if they are not it will redirect them to "https://apps.facebook.com/YOUR_APP_NAMESPACE"
Note: you can use this on any page in you app just change the URL accordingly.
For example: If you are using this in http://YourDomain.com/anotherpage.php you can change the URL in the code above to https://apps.facebook.com/YOUR_APP_NAMESPACE/anotherpage.php