Redirect With Hidden Custom Data
When redirecting, any URL parameters (information following a "?" in the URL) will be visible at the destination page. That happens when redirecting with the PHP header() command, with the HTML meta refresh tag, and with JavaScript.
Depending on your implementation, allowing data to be visible might be unacceptable.
Examples:
-
When the parameter information should be omitted from bookmarks.
-
When the information should not be visible to the site user.
-
When the information may not be recorded in server log files (perhaps to satisfy data security requirements).
Redirects can be done with method POST, which has two advantages unavailable with method GET.
-
The information will not be visible in the browser's address bar and won't be included in bookmarks that users may set.
-
The information will not be recorded in server log files. The URL of the web page will be recorded, but not the POST information.
This is how it works:
-
The browser lands at the redirecting web page. This may be from an ad, a website link, an email — wherever the link is that the browser comes from.
-
Custom information is inserted into
method="post"form fields. The information may include (as examples):- The referring URL.
- Any URL parameter information the browser arrives with.
- An affiliate code.
-
The form is automatically submitted to the final destination web page.
The destination web page receives the form information and does whatever it is supposed to do with it.
It all hinges on the invisible form published on the redirect page.
The Redirecting Form
The redirecting form is invisible on the web page.
The browser arrives at the page. The form fields are filled in automatically. The browser is redirected by the automatic form submission.
Here is the source code of a functional form (because it has PHP code, the form must be on a PHP web page):
<form id="demo-form" method="post" action="https://example.com/dest.php"> <input type="hidden" name="referrer" value="<?php echo(isset($_SERVER['HTTP_REFERER'])?$_SERVER['HTTP_REFERER']:'No referrer') ?>"> <!-- More hidden fields can be inserted here. --> <!-- For browsers without JavaScript. --> <input id="demo-button" style="display:block;" type="submit" value="Click to proceed"> </form> <script> document.getElementById("demo-button").style.display="none"; // Remove button for browsers with JavaScript function Redisplay() { document.getElementById("demo-button").style.display="block"; } setTimeout(Redisplay,3000); // For browsers that won't auto-redirect. document.getElementById("demo-form").submit(); // Submits the form. </script>
As you can see, there are two parts to the form. There is the HTML form. And there is the JavaScript.
When the HTML form has been customized, both parts can be put on the web page that will do the redirecting. I'll talk about the JavaScript, too, in case you want to modify it.
The HTML Form
At the first line, the form tag has the demo-form id for the form. That id is used in the JavaScript to automatically submit the form.
Also at the first line is the https://example.com/dest.php value for the action attribute. Change that URL to the URL of your destination web page.
At the second code line, you'll see a hidden field. This particular hidden field inserts the referring URL, if available. Otherwise, it inserts "No referrer".
More hidden fields may be specified, as many as needed for the information you want to send to the destination web page.
After that, you'll see the form's submit button. It has id value demo-button and is referenced in the JavaScript in two places.
The submit button is published with the button displayed. The JavaScript immediately hides the button. But if the browser does not do JavaScript, the button stays displayed so the user can tap it and continue.
That's the end of the form. The JavaScript follows it.
The JavaScript
The first line of the JavaScript hides the submit button of the form.
The next two JavaScript code lines is a function and timeout to re-display the submit button in case the server at the destination page is slow in responding. The 3000 tells the browser to wait 3 seconds before re-displaying the submit button. That number may be changed.
The last code line of the JavaScript is where the automatic form submission occurs.
Additional Hidden Field Examples
The source code further above contains only one hidden field for information. The reason is to keep that source code as simple as possible.
Here are a few examples of additional information that can be inserted into the form within hidden fields for sending to the destination web page.
An affiliate code. Replace the field's abc123 value with your affiliate code.
<input type="hidden" name="afic" value="abc123">
The browser's IP address.
<input type="hidden" name="IP" value="<?php echo($_SERVER['REMOTE_ADDR']) ?>">
Any cookies the browser reveals at the redirect page.
<input type="hidden" name="cookies" value="<?php echo(isset($_SERVER['HTTP_COOKIE'])?$_SERVER['HTTP_COOKIE']:'No cookies') ?>">
Any URL parameter information used when the browser arrived at the redirect page.
<input type="hidden" name="paramater_info" value="<?php echo(isset($_SERVER['QUERY_STRING'])?$_SERVER['QUERY_STRING']:'No parameter info') ?>">
You may, of course, add your own hidden fields — as many as you want.
All of the information submitted with the hidden fields will arrive at the destination web page with method POST. The information will not be in the URL. And, although the destination web page receives the information, the information will not be recorded in the server access logs.
(This article first appeared with an issue of the Possibilities newsletter.)
Will Bontrager
