Feel like my brain is still on vacation -- can't get the rest of my head around this problem, which I suspect is not really a problem at all.
Background:
1. We want to restrict dynamic (CGI, not PHP) page browsing to logged-in users only.
2. We want to offer logged-in users the choice of dynamic or static browsing.
This is how we do it now. When users log in, we give them an immediate choice:
<%if d%>
You are working in <EM>Dynamic mode</EM>.
If you would prefer faster browsing, but with fewer features,
choose <A HREF="<%db_cgi_url%>/page.cgi?d=0">Static mode</A>.
<%else%>
You are working in <EM>Static mode</EM>.
If you would prefer more features, but with slower browsing,
choose <A HREF="<%db_cgi_url%>/page.cgi?d=1">Dynamic mode</A>.
<%endif%>
</P>
The logout link URL has argument d=0 to drop out of dynamic mode:
The problem:
There is nothing to prevent users bookmarking a dynamic URL, eg: http://www.ourdomain.org/cgi-bin/dir/page.cgi?d=1
The solution:
Is there any way to force d=0 for users who have not logged in?
Background:
1. We want to restrict dynamic (CGI, not PHP) page browsing to logged-in users only.
2. We want to offer logged-in users the choice of dynamic or static browsing.
This is how we do it now. When users log in, we give them an immediate choice:
Code:
<P> <%if d%>
You are working in <EM>Dynamic mode</EM>.
If you would prefer faster browsing, but with fewer features,
choose <A HREF="<%db_cgi_url%>/page.cgi?d=0">Static mode</A>.
<%else%>
You are working in <EM>Static mode</EM>.
If you would prefer more features, but with slower browsing,
choose <A HREF="<%db_cgi_url%>/page.cgi?d=1">Dynamic mode</A>.
<%endif%>
</P>
The logout link URL has argument d=0 to drop out of dynamic mode:
Code:
<A href="<%db_cgi_url%>/user.cgi?logout=1&d=0">Logout</A>The problem:
There is nothing to prevent users bookmarking a dynamic URL, eg: http://www.ourdomain.org/cgi-bin/dir/page.cgi?d=1
The solution:
Is there any way to force d=0 for users who have not logged in?