Login redirect should remember target page

When I try to navigate directly to App - GTDNext! without being logged in, I get redirected to the login page. After successfully logging in, I end up at App - GTDNext! instead of App - GTDNext!. The redirect to login really should remember where the redirection came from.

I think a typical way to do that is to include a “target” or “next” parameter for the login page, to tell it where to redirect to after successful login. But a typical security flaw occurs if you allow that parameter to reference an arbitrary URL. (This can be used to simplify phishing attacks.) So if you decide to implement this, please take care!

1 Like

Although I broadly agree with this suggestion, exactly how big a problem is it for you?
Surely going to #/next rather than #/projects is just one click away. So yes if you to it regularly it’s slightly annoying, but couldn’t you just leave a browser window open?

In the greater scheme of things, it is obviously not a big problem. But it is a minor annoyance at least once a day in the morning.

Leaving the page open is not an option, as my laptop is shut down at least daily for my commute. Also, any misfeature that discourages logging out is bad for security.

1 Like