microboard
asked on
login script
How do I keep a password from showing up in the location field of a browser? I don't want to use cookies. I can redirect the page, but even before redirecting, the password is displayed momentarily in the location.
ASKER
The POST method seems to have a problem of its own. When using POST, the page sends a warning box asking if I want to repost from data whenever I try to reload it. So unless that can be avoided, I need to figure out a way to keep the fields from being shown while using the GET method.
I'm rejecting your answer only because I want to hear any other responses but I will give you the points if you can tell me how to sort out the POST trouble; because it does me no good the way it is.
(please leave a comment next time)
I'm rejecting your answer only because I want to hear any other responses but I will give you the points if you can tell me how to sort out the POST trouble; because it does me no good the way it is.
(please leave a comment next time)
Okay, this'll be a bit work intensive but here's a solution. The message you're seeing when you reload using POST is not actually the script giving you problems. It's actually a browser thing. The one way to get around this little quirk is to minimize the need to reload the page.
I'm guessing you're using perl to process a login of some sort. Have the script that handles the validation of the password generate some sort of html page. From that HTML page, have a link to the form instead of making it necessary to reload.
Don't you hate when browsers try to be helpful?
Regards,
Rob.
I'm guessing you're using perl to process a login of some sort. Have the script that handles the validation of the password generate some sort of html page. From that HTML page, have a link to the form instead of making it necessary to reload.
Don't you hate when browsers try to be helpful?
Regards,
Rob.
HedgeMaze changed the proposed answer to a comment
how about using a hidden field which does not have the actual password, but a reference to some kind of temporary file on your server that has the actual password.
Also this hidden field would be some kind of random number that would change everytime.
Also this hidden field would be some kind of random number that would change everytime.
ASKER
HedgeMaze, I've actually thought of the idea of creating a new HTML page and directing the member to it, but I thought perhaps it would create an over-abundance of pages on my site! So far you're still getting the points but I don't want the member to bookmark the created HTML page. So is it possible to know when a member leaves the site and to delete the created page after a certain period? Since that actually goes into another question, I'll increase the ponts for an answer to that, but I still need some input on the POST/GET situation. That is, is there no way to hide the fields with the GET method.
maneshr, how do I know which file to reference if I used a random number?
maneshr, how do I know which file to reference if I used a random number?
Actually, all you have to do is have the script that processes the login generate the page. That way, if they attempt to bookmark the page they'll be bookmarking the script which should have an error message generated if it is accessed without the form input. For example, if you've ever seen Matt Wright's WWWboard, if you try to actually access the wwwboard.cgi script without inputing data via the html form it will error out stating that the user needs to provide required data (with a link back to the original form). That would render bookmarking absolutely useless.
Rob.
Rob.
Oh, and I'm not really worried about the points. I'm having fun with this site. It's neat that I can do what I love (and I learn quite a bit in the process) which is work with the Internet, Perl and programming.
ASKER
Ok I know this continuing questioning of mine is probably irritating but let me run you through a sample login to my site:
After the username and password are POSTED to the script, the script in turn looks up the ID number and substitues the ID for the password, it then creates an HTML page on the fly. So in the location (by using POST instead of GET) is the domain name and the script page, which is fine. Thats not a problem; however, refreshing that page of course gets the "POST FROM DATA" message box.
I can create HTML pages without any trouble but my page allows note-taking, which means a person can type themselves a message then have the page display that message in the page itself. To do that, I need to refresh the page. I thought about creating a true HTML page (with the HTM extension) that had all the values created in it which I would need for any particular person, then I would simply redirect them to this newly created page. But then the problem comes up that I would have a lot of pages I was putting on my server, and then I figured they could also just bookmark that page, which I don't want.
The trouble is, I need reference to the password or ID even after the POST has gone through. Am I making sense here? I've gotten better at perl script but some things still elude me.
After the username and password are POSTED to the script, the script in turn looks up the ID number and substitues the ID for the password, it then creates an HTML page on the fly. So in the location (by using POST instead of GET) is the domain name and the script page, which is fine. Thats not a problem; however, refreshing that page of course gets the "POST FROM DATA" message box.
I can create HTML pages without any trouble but my page allows note-taking, which means a person can type themselves a message then have the page display that message in the page itself. To do that, I need to refresh the page. I thought about creating a true HTML page (with the HTM extension) that had all the values created in it which I would need for any particular person, then I would simply redirect them to this newly created page. But then the problem comes up that I would have a lot of pages I was putting on my server, and then I figured they could also just bookmark that page, which I don't want.
The trouble is, I need reference to the password or ID even after the POST has gone through. Am I making sense here? I've gotten better at perl script but some things still elude me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok I know this continuing questioning of mine is probably irritating but let me run you through a sample login to my site:
After the username and password are POSTED to the script, the script in turn looks up the ID number and substitues the ID for the password, it then creates an HTML page on the fly. So in the location (by using POST instead of GET) is the domain name and the script page, which is fine. Thats not a problem; however, refreshing that page of course gets the "POST FROM DATA" message box.
I can create HTML pages without any trouble but my page allows note-taking, which means a person can type themselves a message then have the page display that message in the page itself. To do that, I need to refresh the page. I thought about creating a true HTML page (with the HTM extension) that had all the values created in it which I would need for any particular person, then I would simply redirect them to this newly created page. But then the problem comes up that I would have a lot of pages I was putting on my server, and then I figured they could also just bookmark that page, which I don't want.
The trouble is, I need reference to the password or ID even after the POST has gone through. Am I making sense here? I've gotten better at perl script but some things still elude me.
After the username and password are POSTED to the script, the script in turn looks up the ID number and substitues the ID for the password, it then creates an HTML page on the fly. So in the location (by using POST instead of GET) is the domain name and the script page, which is fine. Thats not a problem; however, refreshing that page of course gets the "POST FROM DATA" message box.
I can create HTML pages without any trouble but my page allows note-taking, which means a person can type themselves a message then have the page display that message in the page itself. To do that, I need to refresh the page. I thought about creating a true HTML page (with the HTM extension) that had all the values created in it which I would need for any particular person, then I would simply redirect them to this newly created page. But then the problem comes up that I would have a lot of pages I was putting on my server, and then I figured they could also just bookmark that page, which I don't want.
The trouble is, I need reference to the password or ID even after the POST has gone through. Am I making sense here? I've gotten better at perl script but some things still elude me.
ASKER
Adjusted points from 50 to 75
ASKER
Hey early signs show this is going to work just fine! Thanks a lot for your help!
No problem.
If you're using the POST method to send your form data to a "processor" program it shouldn't display the $ENV{'CONTENT_LENGTH'} variable (everything after the "?".
Try using POST if you're not already. That should clear up the problem.