Using a query string on a link to pass the username and password.

Posted on 2006-05-25
Last Modified: 2009-12-16
Is there a way to add a query string to a link so that it will automatically log someone in to a site when they click on the link.  For example:  Internal user on the intranet clicks on a link to say "Experts Exchange".  The link will take them to site and log them in with the company user name and password.  Thank you in advance for your help.
Question by:jsmaling
    LVL 10

    Expert Comment


    I'm not sure I understand your question but here's a shot:

    Only if the site has a server program that is looking for those query strings and logging people in. No site that I know would ever do that but you might have your own setup in which case it would work (but pretty insecure since login info is rarely not encrypted).

    in any case, you can add any name value pairs to a link which can be easily read by the server:
    <a href="">test link</a>

    LVL 30

    Expert Comment

    Login forms are supposed to use POST (not GET), so an url should not work.
    But it should be possible to reproduce the login form on your page:
    Replace the <input type="text"> with <input type="hidden" value="myvalue">
    where "myvalue" correspond to the text you enter in the text input.
    Have your form submit to the server's login page and you should be able to login.
    LVL 2

    Expert Comment

    if you're using a username and password, the assumption is that you'd want some from of privacy protection. so if you aren't using a form with post/get then you should probably be trying to use a cookie that contains the username/password and set it to expire after x number of hours or days. (with vbscript).

    if its just a thing like 'guest' 'general pass' that goes to a lesser protected end of the site (even intranet) then you could do what Oh4cryingOutloud said.
    <a href="">test link</a>

    <a href="file.ext?usr=blah&psw=blah">link</a>

    or if anyone can go there anyways, why have with a username/password? just give them a general link maybe?
    LVL 30

    Expert Comment

    Ok, i'll code it:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "">
    <style type="text/css">

    body {
      background-color: #ddd;
      color: black;


    <form method="post" action="">

      <input name="msuLoginName" type="hidden" value="jsmaling">
      <input name="msuPassword" type="hidden" value="%your password goes here%">
      <input name="msuLoginSubmit" type="submit" value="Experts Exchange">



    This uses an input to submit the form, but you can replace it with a link if you want, just use javascript to submit your form from the link.
    LVL 19

    Expert Comment

    Like a lot of others are saying, you will not find many sites that check for their users using a querystring. I for one, would not visit such a site.

    That set aside, you cannot control the other sites (unless they are your own) so there is no way of making sure that you can log in your users automatically. Even IF they would have set up their site to allow logging in using querystring variables, there's still the chance they check for a referrel URL to be their own site, I would do that if it were my site. Again that would render your querystring useless..

    So that said, it's possible, but not likely you will get that working.

    LVL 5

    Accepted Solution

    You need to view the source of the page with the login form and then construct your querystring so that it includes all the form fields and relevant values.

    Using Experts-Exchange as an example, you could use the following link:

    This URL includes all the form fields found on the Experts Exchange log in form.

    This relies on sites using the less strict Request("Field") instead of the more strict Request.Form("Field").

    Those that do use Request.Form("Field") will not work with the above method.

    I have to say that embedding usernames and passwords into querystrings is generally bad practice because your users can either view the source of the page with the link to see the username and password or they may see it in the address bar (if the page doesn't redirect) when they click the link.

    Hope this helps

    LVL 1

    Author Comment


    The link is going to be internal and we want our users to have the information without having to remember it.  This link actually worked for us.  How would I make it go to the homepage instead of the web development page?
    LVL 30

    Expert Comment

    jsmaling, why not using a form?  that's the correct way to do it.

    the big problem of sending sensitive data inside an url is that the url gets logged on the webservers, so your password will appear in the webstats reports.  also, if you are not correctly redirected and you click on an new link, that url will be sent as "referrer".
    LVL 5

    Expert Comment

    If you get the url of the page you want to redirect to you can use it as the value for the redirectURL key in the querystring. This is specific to the EE site and is unlikely to work on other sites.


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    This article describes how to create custom column layout styles for Bootstrap. The article uses 5 columns to illustrate the concept, but the principle can be extended to any number of columns.
    In this Micro Tutorial viewers will learn how to create navigation buttons that change on rollover, using CSS (Continuation of the CSS Image Sprite tutorial) Create a parent ID for all the list items       - Specify position: absolute and display: block…
    The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now