2

I have been trying to redirect page with variable through javascript. I have found window.location.href = "test.php?variable=" + variabletosend; but in this way user can change url and hence values.

Please tell me, how to pass variable to another page through javascript, hidden from user.

asked Apr 19, 2015 at 12:55
4
  • This is not possible. Any JS redirection will be visible to the user because it is a client-, not server-based redirect. You need something like Apache Mod-Rewrite. Commented Apr 19, 2015 at 12:57
  • Javascript runs on the user's browser. He can see it ! What you can do is to use button with submit and redirect the url in php. Commented Apr 19, 2015 at 12:58
  • maybe try a hidden form and use jquery to post that form to another page? Commented Apr 19, 2015 at 12:59
  • A user will always be able to modify a request. In case this is supposed to be a security measure: Security through obscurity is not only bad practice, it is outright dangerous. Plain and simple: Use server side session variables to pass data. Also, you might want to read the OWASP Guide v4, too. Commented Apr 19, 2015 at 13:43

5 Answers 5

3

Your entire approach is wrong.

You can never trust a URL from a user, nor prevent the user from seeing the URL to the page.

Instead, you need to write server-side code to return an error if the user tries to access they're not supposed to.

answered Apr 19, 2015 at 13:00
Sign up to request clarification or add additional context in comments.

2 Comments

can you provide some link, how to do that?
@RaghavGarg: That completely depends on your code and data. if (userId is not allowed to access)
0

You could do something like:

  1. Instead of GET request, use POST (if you don't want parameters in url)
  2. If you want to pass parameter + redirect then, it would be better if you could store those values as session variable.
answered Apr 19, 2015 at 12:59

5 Comments

Users can still see and modify POST variables.
As far as I know, nobody can access post variable and due to which they are kind of 'safe". Plus i'm saying to store data in session variable
But they can simulate (send their own) POST request, hence add there whatever they want.
Completely wrong; you can easily see POST variables in the dev tools.
Unless and until they know what parameter does the api or requested page is requiring.
0

If you worry about user accessing improper pages of your site you should correclry handle such requests either in server-side running code or using your web-server (IIS, Apache, etc)

answered Apr 19, 2015 at 13:04

Comments

0

You basically want to send the variable to a php page via js.I also had this kind of problems.you should use AJAX request.I know it sounds complex but after you google it this would be easy.In jquery you could use(it would be good to check for syntax error):

$(document).ready(function() {
$.ajax({
 type: "POST",
 url: 'test.php',
 data: { variable : variable },
 success: function(data)
 {
 alert("success!");
 }
 });
 });
answered Apr 19, 2015 at 13:32

18 Comments

Don't forget to import jquery and also I forgot to mention that variable wont be seen to the users.
Users can easily see and modify the value in the dev tools.
That sounds interesting.I would like to know the procedure.
I guess it will only show http requests and even if it shows ajax calls the how can a user modify it.
@SLaks Are you online?
|
0 
use this file."jquery.redirect.js"
$("#btn_id").click(function(){
$.redirect(http://localhost/test/test1.php,
 {
 user_name: "khan",
 city : "Meerut",
 country : "country"
 });
});
see=https://github.com/mgalante/jquery.redirect
answered Oct 11, 2016 at 12:38

1 Comment

Please add some explenation to your answer. Posting only code can be confusing.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.