Gossamer Forum
Home : Products : Gossamer Forum : Discussion :

URL redirection?

Quote Reply
URL redirection?
Hi,

I noticed that all the URL's in posts are not using the redirection system. Why this change? Is it safe now?

Thank you.

François
Quote Reply
Re: [Franco] URL redirection? In reply to
Hi François,

We've changed Gossamer Forum so that the redirections only happen when they are necessary for safety. That is, when you are using cookies, they don't need to be there and so aren't, but if using the parameter-based authentication, they are needed and so are still there.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com
Quote Reply
Re: [Jagerman] URL redirection? In reply to
Hi Jason,

This seem great. But I don't understand this: I logged in with cookie, after I erased all the cookies in my browser cache, and I still continue to be logged as Franco user. It seem that my log info still there even if my Gossamer-Threads cookie is erased. So I don't understand how it can be safe. Can you explain me a bit?

Thank you!

François
Quote Reply
Re: [Franco] URL redirection? In reply to
Hi François,

If you log out of the forum, and then log in and click the "Don't use cookies" checkbox, you will see the redirect for URL's.

This is because without cookies, the URL to a post will be something like:

...../gforum.cgi?post=123456;session=a46f....(32 characters)

If you click directly on a URL, many browsers will send along the current URL in the HTTP_REFERER variable, which could allow someone to break into your account by linking to a CGI script that records the HTTP_REFERER. They would have to be fast, of course, as the session times out after an hour of inactivity, but it is still a security concern.

If you log in with cookies, the "session=..." part will not be in the URL, so it is not a security concern to be able to directly link to web pages when using cookies.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com
Quote Reply
Re: [Jagerman] URL redirection? In reply to
Thank you very much, Jason, for your explanation!

Is it possible to set the target (ex: "_blank") of the links? I would be great if we could.

Thank you.

François
Quote Reply
Re: [Franco] URL redirection? In reply to
Yeah I'd like that too.
Quote Reply
Re: [Franco] URL redirection? In reply to
Whoops, my mistake - I omitted the _blank for non-redirected URLs.

Jason Rhinelander
Gossamer Threads
jason@gossamer-threads.com
Quote Reply
Re: [Jagerman] URL redirection? In reply to
And thank goodnes for that... Can we make this yet another profile, or an administrative option??

I personally prefer to have a choice wether I want my links to open in a new browser window or not.

Cheers

- wil