PEAK XOOPS - Auto-Login redirect page

Auto-Login redirect page

Posted on 2005/3/18 21:36
marcan   Posts: 13
Hi, first I would like to congratulate you for all the hacks you're doing. They all really helped me.

I have a tiny problem with the auto-login hack. Let's take the following example about userX:
- userX has activated the auto-login function for siteA
- It works perfectly: when he opens his browser and goes to siteA, he is automatically logged in
- userX now has his browser closed
- He receives a notification by email: a new message has been posted in the forums of siteA
- He clicks on the link provided in the post.
- His browser opens, and, because of the excellent auto-login hack, he automatically logs in
- However, he is redirected to the home page and not to the forum post he was hoping for.

A lot of my users are complaining because they don't understand what is happening lol

I've looked at the code and found this :
Quote:
    // redirect to XOOPS_URL/ when query string exists (anti-CSRF)
    if( ! empty( $_SERVER['QUERY_STRING'] ) ) {
        redirect_header( XOOPS_URL . '/' , 0 , _AUTOMATIC_LOGIN ) ;
        exit ;
    }

It seems as if it is on purpose that the user is redirected to the home page, because it protects from a certain attack?

Is there a way the user could be redirected to the page he was asking ?

Thanks for your help !

Cheers!
Posted on 2005/4/4 17:44
GIJOE   Posts: 4110
hi marcan.
I'm sorry that my answer is too late.

I know the redirection is not so convenient.

If there is no CSRF-vulnerable code in the core and modules, the 4 lines should be commented out.
But I have to say the core of 2.0.9.2 is not secure enough against CSRF attacks.

But!

I'm glad to hear the core team adopted a token system in 2.0.10 and after.

Thus, the redirection will be eliminated in the autologin hack for 2.0.10 and after.
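The two policies GIJOE contrasts above, as an added illustration (not the autologin hack's or the XOOPS core's own code; every function, constant and parameter name is hypothetical): before the token system, a session that was just created from the auto-login cookie cannot trust any parameters on the request, so the hack drops them and sends the user home; with a per-session token, a state-changing request can be refused on its own merits and a harmless link such as the forum notification can be followed directly.

```php
<?php
// Added illustration, not code from the autologin hack or from XOOPS.
// SITE_URL is a constructed placeholder standing in for XOOPS_URL.
define('SITE_URL', 'http://siteA.example');

// Pre-2.0.10 policy (the quoted 4 lines): the session has just been created
// from the auto-login cookie, so nothing in the URL can have come from a page
// the user was already logged into. Refuse to act on it and go to the top page.
function autologin_target_without_token(string $requested_url, bool $just_auto_logged_in): string
{
    $query = parse_url($requested_url, PHP_URL_QUERY);
    if ($just_auto_logged_in && !empty($query)) {
        return SITE_URL . '/';
    }
    return $requested_url;
}

// 2.0.10+ policy: a state-changing handler requires a token that only a page
// rendered inside the user's own session can embed. A link that arrived by
// e-mail or from a third-party page cannot carry it, so the request is refused
// without discarding the destination of ordinary read-only links.
function action_allowed_with_token(array $params, string $session_token): bool
{
    if (!isset($params['token']) || !is_string($params['token'])) {
        return false;
    }
    // constant-time comparison so the check does not leak the token byte by byte
    return hash_equals($session_token, $params['token']);
}

// Constructed sample: the forum notification link from the original post.
// Under the old policy it is thrown away; under the token policy it is a plain
// read that carries no token, so only a state-changing action would be refused.
$notify_link = SITE_URL . '/modules/newbb/viewtopic.php?topic_id=123';
echo "old policy lands on: ", autologin_target_without_token($notify_link, true), "\n";
parse_str((string) parse_url($notify_link, PHP_URL_QUERY), $params);
echo "token check for a state change: ",
     action_allowed_with_token($params, 'session-secret') ? "allowed" : "refused", "\n";
```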
Posted on 2005/4/4 20:52
marcan   Posts: 13
Quote:
I'm sorry that my answer is too late.
No problem ! We are all busy !

Quote:
Thus, the redirection will be eliminated in autologin-hack for 2.0.10 and after
Marvelous !

Thanks !
Posted on 2005/4/12 11:55
GIJOE   Posts: 4110
With the latest version of the autologin hack, you are not going to be redirected to the top page.

Of course, it is safe against CSRF even with XOOPS <= 2.0.9.3

Double-redirection allows it.
Perhaps this technique is the same as hotmail or the other major webmail.
Posted on 2005/4/12 20:54
marcan   Posts: 13
Thank you very much ! This is really cool !

Cheers !
