Login redirect anomaly: wrong post-login redirect after going back from singleproduct.php
Let's break down why this is happening first: when you navigate from search.php to singleproduct.php and then use the browser back button to return to search.php, your server might still be holding onto the old referrer (singleproduct.php) in session or relying on the HTTP_REFERER header—which doesn't update when you use the back button (since it's a cached page load, not a fresh request). That's why your login redirects to the wrong page.
Here are two reliable solutions to fix this:
Solution 1: Pass Redirect URL as a GET Parameter (Most Reliable)
Instead of relying on session or referrer headers, explicitly pass the current page's URL when the user clicks the login button. This ensures you always get the exact page the user is on when they initiate login.
Modify the login button link/form on your pages:
For a link-based login:

```php
<a href="login.php?redirect=<?php echo urlencode($_SERVER['REQUEST_URI']); ?>">Login</a>
```

For a form-based login, add a hidden input:

```php
<form action="auth.php" method="POST">
    <!-- Your username/password fields -->
    <!-- HTML-escape the value here; the browser URL-encodes POST fields itself,
         so urlencode() would leave auth.php with "%2F..." instead of "/..." -->
    <input type="hidden" name="redirect" value="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES); ?>">
    <button type="submit">Login</button>
</form>
```

This captures the current page's URI at the moment the user clicks login, even if they arrived via browser back.
Handle the redirect in your authentication script:
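After validating the user's credentials, retrieve the redirect parameter and sanitize it to prevent open redirect attacks:

```php
<?php
session_start();

// Validate credentials first...

// Sanitize the redirect URL so that only same-site paths are allowed
$redirect_url = isset($_POST['redirect']) && is_string($_POST['redirect']) ? $_POST['redirect'] : '/';
// Require a single leading slash: browsers treat "//host" and "/\host"
// as a different site, so a bare "starts with /" test is not enough
if (!str_starts_with($redirect_url, '/')
    || str_starts_with($redirect_url, '//')
    || str_contains($redirect_url, '\\')) {
    $redirect_url = '/'; // Fall back to the homepage if invalid
}
header("Location: " . $redirect_url);
exit();
```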
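The same-site check from the authentication step, generalized into a reusable validator and run over constructed inputs. This is an added example, not code from the original answer; the function name `safe_redirect_target` and the sample values are assumptions.

```php
<?php
// Added example (hypothetical helper, not from the original answer).
// Returns $candidate if it is a same-site path, otherwise $fallback.
function safe_redirect_target($candidate, string $fallback = '/'): string
{
    // Reject missing values and arrays such as redirect[]=x
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // No control characters (CR, LF, NUL, tab) in a Location value
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $fallback;
    }
    // Exactly one leading slash; "//host" and "/\host" leave the site
    if ($candidate[0] !== '/' || strpos($candidate, '//') === 0
        || strpos($candidate, '\\') !== false) {
        return $fallback;
    }
    // Defence in depth: the parsed form must carry no scheme or host
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

// Constructed sample inputs covering the cases the check has to handle
$samples = [
    '/search.php?q=shoes',               // ordinary same-site path
    '/',                                 // site root
    'https://other.example/',            // absolute URL
    '//other.example/login',             // protocol-relative URL
    '/\\other.example',                  // backslash variant
    "/search.php\r\nSet-Cookie: x=1",    // embedded CR/LF
    '%2Fsearch.php',                     // still URL-encoded, not a path
    ['/search.php'],                     // array from redirect[]=...
    null,                                // parameter missing
];

foreach ($samples as $s) {
    printf("%-45s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        safe_redirect_target($s));
}
```

In auth.php the call would be `header('Location: ' . safe_redirect_target($_POST['redirect'] ?? null));` followed by `exit();`.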
Solution 2: Update Session Redirect URL on Fresh Page Loads
If you prefer using sessions, make sure you update the stored redirect URL every time a user loads a page (except login/auth pages) via a fresh request. This fixes the cached page issue by ensuring the session gets updated when the user actually loads search.php (even via back button, if your page isn't cached aggressively).
- Add this to the top of all non-login pages (search.php, singleproduct.php, etc.):
```php
<?php
session_start();

// Skip login and authentication pages to avoid loops
$current_script = basename($_SERVER['PHP_SELF']);
if (!in_array($current_script, ['login.php', 'auth.php'])) {
    // Build the full current URL.
    // HTTP_HOST is taken from the client's Host header; use a fixed, configured
    // hostname instead if the server accepts arbitrary Host values.
    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'http://';
    $current_url = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

    // Only update if this is a fresh GET request (not a POST or AJAX)
    if ($_SERVER['REQUEST_METHOD'] === 'GET' && !isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
        $_SESSION['redirect_url'] = $current_url;
    }
}
```

- Use the session value in your auth script:

```php
<?php
session_start();

// Validate credentials...

$redirect_url = isset($_SESSION['redirect_url']) ? $_SESSION['redirect_url'] : '/';
// Clear the session variable to avoid reusing it accidentally
unset($_SESSION['redirect_url']);
header("Location: " . $redirect_url);
exit();
```

Note: This works best if your pages aren't cached with Cache-Control headers that prevent fresh requests. If search.php is heavily cached, the PHP code won't run when the user hits back, so the session value won't update—making the GET parameter method more reliable.
Why Your Original Setup Failed
The root cause is likely that your code stored the redirect URL when the user first navigated to singleproduct.php, and when you used the browser back button to return to search.php, the page loaded from cache without triggering your PHP code to update the redirect URL. The server still had the old singleproduct.php URL stored, so it redirected there after login.
The question comes from Stack Exchange; it was asked by tommyq1999.




