1

Ok, first off I want to say that I have no idea what I'm doing.

I have several pages in my MVC project that constantly get hit from a different page. For instance my Edit page for one of my Models can come from an admin link on a detail page or the Crud Index page. Once we are done editing I want to send the user back to the right place. Considering I don't understand the Identity returnUrl stuff, I wrote my own method that creates two cookies, eventually I may not een need two but for now I have two so that I can monitor them updating in Chrome F12 tools and make sure that each time I use this method in a Controller Action it's doing the right thing. I'd also like to say I'm not doing any testing for this either. My testing is trial and error and Chrome F12.

Here is the code:

private void LastActionHero()
{
    string lastUrl = null;
    var currentUrl = Request.Url.LocalPath;

    if (Request.Cookies["currentUrl"] != null)
    {
        lastUrl = Request.Cookies["currentUrl"].Value;
    }

    if (lastUrl != currentUrl)
    {
        var current = new HttpCookie("currentUrl", currentUrl)
                      {Expires = DateTime.Now.AddDays(1)};
        Response.Cookies.Set(current);
        var previous = new HttpCookie("lastUrl", lastUrl)
                       { Expires = DateTime.Now.AddDays(1) };
        Response.Cookies.Set(previous);
    }
}

Questions: Is there a better way of doing this and is this safe? A portion of the site is not behind a login. Does that matter?

Also do you have any ideas of how I should implement this?

I'm still working on how I'm going to use it.

Here is a screenshot of the cookies, they seem to be working fine I went back and forth several times amongst 3 or 4 actions all using the method, here it shows the correct last 2 Urls:

enter image description here

Eric Bishard
  • 5,201
  • 7
  • 51
  • 75

1 Answers1

1

Your "cookie approach" will only work as long as a user in the same session only opens one page at a time. If a user enters such a page e.g. in one tab and then before leaving that one another one from another tab it won't work anymore.

One solution to this problem is to supply a "return-url" to that page. So instead of /Edit/1 you call something like /Edit/1?returnUrl=CurrentUrl and then work with that parameter on the edit page to return to the correct page when editing is completed.

Christoph Fink
  • 22,727
  • 9
  • 68
  • 113
  • I definitely see your point about the multiple tabs issue. I would agree and that is something I did not think about. Your idea is simple, I like that! – Eric Bishard Dec 23 '14 at 10:08
  • I'm trying to replicate the multiple tab issue and it seems to be tracking those urls fine. Maybe I'm misunderstanding you. – Eric Bishard Dec 23 '14 at 10:17
  • @EricB: If you open the page in one tab, then open the page (from another location) in the second tab the cookie will change for both tabs (if you are in the same session). – Christoph Fink Dec 23 '14 at 10:24
  • Ahh, so you would have to be using let's say a laptop and a tablet next to each other and doing some editing at the same time and then possibly you may get redirected to the wrong page after an edit. Is that what you mean? – Eric Bishard Dec 23 '14 at 10:32
  • 1
    No, on two device you will have two sessions. But using e.g. two tabs in the same instance of Chrome you will not and there this problem will come up (with other location I meant "another return-url")... – Christoph Fink Dec 23 '14 at 10:34
  • One of the reason I opted for this way is because I can have each action participate in recording it's location to the cookie so that it's always being tracked. If I want to redirect back to a previous page from a action that can be hit from more than one page, I simply use the cookie or if it's not present fallback to a hardcoded value. But this keeps me from having to hardcode my returnUrls into my links and having to chang those each time I make any change to the routes or page names, etc.. My way is most likely the most efficient eve or the most secure, etc.. – Eric Bishard Dec 23 '14 at 15:02
  • but it's easy to maintain and what I was hoping is that maybe someone knew of a better option. Any ideas other than hardcoding the returnUrl as a parameter in the link? – Eric Bishard Dec 23 '14 at 15:02