All geek questions in one place

How to prevent users from bookmarking URLs?

Web pages on a website display web pages using GET to retrieve variables from a predefined URL. For example, the code on the first page: index.php

 <p><a href="/blank.php?name1=value1&amp;name2=value2">next page</a></p>

Second page: blank.php?name1=value1&amp;name2=value2

 $name1 = $_GET['name1'] ; $name2 = $_GET['name2'] ; echo $name1 ; echo $name2 ;

In this way, web pages are created in place and displayed as CMS and Iuse this method for all web pages that my site has, but if the user bookmarks the bookmarks, they will have outdated information for this web page because this page contains content in the url.

EDIT: If I were using post , would this be the best way to pass this information to a new webpage? instead:

 <form method="post" action="blank.php"> <input type="hidden" name="name1" value="value1"> <input type="submit"> </form>
+4
source share
4 answers

Quick and dirty solution: add the timestamp parameter to your URLs, for example:

 <p><a href="/blank.php?name1=value1&amp;name2=value2&amp;time=<?php echo time(); ?>">next page</a></p>

Then, on the page, check if the timestamp is older than a specific duration:

 if(!isset($_GET['time']) || time() - intval($_GET['time']) > 60*60) { header('Location: index.php'); } $name1 = $_GET['name1'] ; $name2 = $_GET['name2'] ; echo htmlspecialchars($name1); echo htmlspecialchars($name2);

So, if the link is older than one hour (60 seconds once 60 minutes), it is redirected to the home page!

But this method is not very user friendly! You better try to create your links so that they never get the old content when you visit!

+3
source

You can prevent the user from using the keyboard shortcut to create bookmarks, but I don’t think that in any case, you should not stop the user from bookmarking your browser (or writing down the URL for this).

You may want to view the data on the page each time the page is loaded, so if the user closes the URL, they see the latest information. Or, if the user has not completed a specific path to get this path, display a message informing them that the data is out of date.

0
source

Using POST instead of GET Solves the problem for the most part, but I understand that it may not be possible depending on the amount of code that you have already created. Another possible solution is to set session variables to determine if this person should have access to this page or not. If they don’t have access, you send them your landing page, profile or even login page. I did this by placing session variables that can only be set on one page and then destroyed after viewing the page, so they cannot just return to the page because the session value has disappeared.

Unfortunately, it is impossible to prevent people from creating bookmarks on your page, you just need to filter out who can see (edit or access).

0
source

Basically you are talking about user sessions during which all variables would make sense. Even using POST does not solve the problem. In an extreme case, you can make a POST request (or a search engine can do it) and misinterpret the result. I would suggest adding a session like many other websites do, and to the backend to control the actual timeframe. Thus, you better control the functionality of your website and user interface. Whether the session has expired or not depends on your business logic, not the GET / POST methods.

0
source

Source: https://habr.com/ru/post/1491953/

More articles:


All Articles