I have a “sign-up” Web app that sends a confirmation email to users, which contains a link which is encoded with URLParameters, so that when they click the link from their email it goes to:
https://myapp.com/?func=account_verify&account=username@domain.com&key=2F02A5AC20F7CE7...
However this leaves the URL field for the browser still filled with all the Posting values, so refreshing the page will resubmit the whole URL again (not desired).
Is there an easy (proper) way to rewrite the URL field to simply https://myapp.com/ and continue on with the current session?
I was considering using some trickery with Cookies and re-sending the user back into the app, but perhaps there’s a built-in way to do this. Thanks for your feedback.
I don’t believe this sort of action can be done via JavaScript without some sort of user interaction (like a button click) as a security precaution. You’d need to redirect with something like the following (beware: browser code, may need tweaking) in the Session.Opening event:
if Self.URLParameterExists( "func" ) and Self.URLParameter( "func" ) = "account_verify" then
'// Perform your processing code and redirect
GoToURL( self.URL )
end if
A bit of history. When it was possible to overwrite the URL without navigation, it was used to spoof domains for scam sites.
Excellent point regarding the implications of fraudulent use of the URL displayed. I’d still like to keep the initially created Session, then force the user to finish filling out their account data, updating their password… and so on.
I was really just punting here, hoping someone toiled with this and had a short easy clean and reliable way to hop out and back into the session with a shiny new (and “refresh proof”) URL.
I mean, I think it can still be done via JavaScript resulting from a user interaction, but I’m not aware of a mechanism in Xojo to do it. Maybe try setting the HashTag when you want to change the URL?
@Greg_O_Lone can probably tell you what’s possible and the best way to implement this.
I have started sending a code via email rather than a link that way the user doesn’t need to leave the page to sign up, they just paste the code into the browser & carry on.
…in retrospect that’s exactly what I’ll do the next time I start a project like this. 