How to redirect to last link after login from google in php?


I am trying to redirect the user to the last link after login through Gmail or Facebook.

Here are the four things I tried without success.

1) Using $_SERVER['HTTP_REFERER'], but it redirects me back to Gmail instead of the last link on my site.

2) Using $_SESSION - I tried to store the last URL in the session before login, but after login I don't get its value as the session is empty.

3) Using cookies - I also tried using cookies, but that is also not working.

4) I tried to send the last URL as a $_GET parameter in the redirect URL, but doing that stops Google login as that URL does not match the URL stored in Google apps.

Is there any other way to achieve this?

3

There are 3 answers

4
paolo On BEST ANSWER

I can't see why using cookies wouldn't work. Before redirecting the user to the Authorization Server, store the current URL in a cookie. When the AS redirects the user back to the redirect_uri, that page does another redirect to the URL stored in the cookie.

But I like the version where you include the "last page URL" in the request better (the 4th element on your list). Since Google apparently doesn't allow wildcards in their OAuth configuration, you can use the state parameter instead. From RFC 6749 - The OAuth 2.0 Authorization Framework:

state
     RECOMMENDED.  An opaque value used by the client to maintain
     state between the request and callback.  The authorization
     server includes this value when redirecting the user-agent back
     to the client.  The parameter SHOULD be used for preventing
     cross-site request forgery as described in Section 10.12.

When you build your redirect URL, you just set the state parameter like so:

https://accounts.google.com/o/oauth2/v2/auth
    ?client_id=MY_CLIENT_ID
    &redirect_uri=http://example.com/oauth-redirect_uri
    &scope=REQUESTED_SCOPES
    &state=http://example.com/last-page-the-user-loaded

Depending on your OAuth flow, the Authorization server will redirect the user to a URL that looks somewhat like this upon successful authorization:

http://example.com/oauth-redirect_uri
    ?code=CODE
    &state=http://example.com/last-page-the-user-loaded

Your server can then process the state parameter and redirect the user accordingly.
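An added example, not part of the answer above: a raw URL in state means the callback redirects wherever that parameter says, and state no longer does the CSRF job the RFC excerpt describes. The sketch below binds state to a per-login nonce held in the session and accepts only a same-site path; the function names and the 'oauth_nonce' session key are hypothetical, and it assumes the session survives the round trip to Google.

```php
<?php
declare(strict_types=1);

// Added example. Function names and the 'oauth_nonce' session key are hypothetical.

/** Accept only a same-site path such as "/articles/42?page=2"; otherwise fall back to "/". */
function safe_return_path(string $path): string
{
    // Must start with one "/", not "//" or "/\" (both are read as another host),
    // and contain no backslashes or control characters.
    return preg_match('#^/(?![/\\\\])[^\\\\\x00-\x1f]*\z#', $path) === 1 ? $path : '/';
}

/** Build the authorization URL; state = "<nonce>:<path>", with the nonce kept in the session. */
function build_auth_url(string $returnTo, array &$session): string
{
    $session['oauth_nonce'] = bin2hex(random_bytes(16));
    return 'https://accounts.google.com/o/oauth2/v2/auth?' . http_build_query([
        'client_id'     => 'MY_CLIENT_ID',
        'redirect_uri'  => 'http://example.com/oauth-redirect_uri',
        'response_type' => 'code',
        'scope'         => 'REQUESTED_SCOPES',
        'state'         => $session['oauth_nonce'] . ':' . safe_return_path($returnTo),
    ]);
}

/** On the callback: return the path to redirect to, or null if state does not match the session. */
function return_path_from_state(string $state, array &$session): ?string
{
    $expected = $session['oauth_nonce'] ?? '';
    unset($session['oauth_nonce']);                       // single use
    [$nonce, $path] = array_pad(explode(':', $state, 2), 2, '');
    if ($expected === '' || !hash_equals($expected, $nonce)) {
        return null;                                      // forged or replayed callback
    }
    return safe_return_path($path);
}

// Constructed demo; a real application passes $_SESSION and $_GET['state'].
$session = [];
parse_str((string) parse_url(build_auth_url('/last-page-the-user-loaded', $session), PHP_URL_QUERY), $query);
var_dump(return_path_from_state($query['state'], $session));                   // valid round trip
var_dump(return_path_from_state('deadbeef:http://other.example/', $session));  // nonce already consumed
var_dump(safe_return_path('//other.example/'), safe_return_path('https://other.example/'));
```

When `return_path_from_state()` returns null, the callback should stop the login rather than exchange the code.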

3
Himanshu Upadhyay On

You would be checking if the user is logged in or not with some function, and if not, you would be taking the user to a login page on which the user can log in using Google or FB. Assuming this, I would say, store the previous link in SESSION in the same function in which you are checking if the user is logged in or not.

I am writing a code snippet and you can get an idea from it to write your specific code.

if(isset($_SERVER['HTTP_REFERER']))
{
    $_SESSION['url_to_go'] = $_SERVER['HTTP_REFERER'];
}

And when the user logs in successfully, check if the session key url_to_go is present, then redirect the user to the link or else take him to the dashboard or any default page you have.

So, as you said the session is getting cleared when we come back from the social site, you can use localStorage with JS (browser storage) to store $_SERVER['HTTP_REFERER'], and when you come back, you can retrieve it and clear it after you use it once.

0
Martin Mbae On

Just create a session and keep updating its value to your current URL. After Google login or logout, just redirect to your session value, which will be holding your last URL.

I did it with codeigniter.

// Remember to load the 'url' helper to quickly obtain the value of the current URL
$data['google_login_url'] = $this->google->get_login_url();
// This line creates a session value 'last_page' and assigns it the current URL
$this->session->set_userdata('last_page', current_url());

After logging in:

$last_page = $this->session->userdata('last_page'); // Obtain the value of last_page
redirect($last_page);

After logging out:

$last_page = $this->session->userdata('last_page');
session_destroy();
unset($_SESSION['access_token']);
$session_data = array(
    'sess_logged_in' => 0);
$this->session->set_userdata($session_data);
redirect($last_page);