Is it possible to create a link that does not get saved to the browser history?
Many services provide links in transactional emails that automatically initiate an authenticated session using a code in the URI. The problem with this is that if a user clicks "Log Out" but does not clear the browser history, another person can visit that authenticated link saved in the history and automatically be logged in again as the other user who had just previously logged out. Is it possible to craft a link that, upon redirect to a URI without the authorization code embedded, will save the URI to which the user was redirected in the browser history instead of the original URI with the authorization code? Assume that you want to do this without invalidating the authentication code in the original email, so that a user can still follow that link later.
Answer:
One solution is to make browser history irrelevant for the matter. For example, I have your need too, but I don't care if the link ends up in the history or not. I don't even care if the link gets copied (for whatever reason). I use rotative tokens in the login cookie to control who looks at what. The way I did that for my SaaS was by making the link locate the resource and show it only if the login cookie was present and that cookie has the expected value in its rotative token. If the login cookie is absent, the login page is presented (and the initial request parameters remembered); if the user enters the right user/password, the application shows whatever that link pointed to (for example, in this example it can be a private comment, a conversation, an estimate or a job). If the user logs out and you take that link to another computer, it will not have the right login cookie, or it will have a hacked copy without the expected value in its token; therefore, it will present the login page.
Sebastian Sastre at Quora
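A sketch of the gate described in the answer above, added here as an illustration and not the answerer's own code: the URL only locates the resource, and access depends on a cookie whose token the server rotates. The names (`login`, `logout`, `handle`, `SESSIONS`, `PENDING`) are hypothetical, and rotating on every request, keeping state in memory and revoking a session on a stale token are assumptions.

```python
import hmac
import secrets

# In-memory stores (assumption: a real app would use its session backend).
SESSIONS = {}   # session id -> {"user": ..., "token": current rotating token}
PENDING = {}    # pre-login id -> path the visitor originally requested

def login(user, pending_id=None):
    """Create a session after a successful password check (check omitted)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "token": secrets.token_urlsafe(32)}
    cookie = {"sid": sid, "token": SESSIONS[sid]["token"]}
    # Resume the link the user followed before being sent to the login page.
    return cookie, PENDING.pop(pending_id, "/")

def logout(cookie):
    """Drop the server-side session so the cookie is worthless afterwards."""
    SESSIONS.pop(cookie["sid"], None)

def handle(path, cookie=None):
    """Return (view, data). The path grants nothing; only the cookie does."""
    session = SESSIONS.get(cookie["sid"]) if cookie else None
    if session and hmac.compare_digest(session["token"], cookie["token"]):
        # Rotate: the token just presented is never accepted again.
        session["token"] = secrets.token_urlsafe(32)
        fresh = {"sid": cookie["sid"], "token": session["token"]}
        return "resource", {"path": path, "user": session["user"], "cookie": fresh}
    if session:
        # Known session, stale token: treat it as a copied cookie and revoke
        # the session (assumption, a design choice not stated in the answer).
        del SESSIONS[cookie["sid"]]
    # No valid cookie: remember the request and show the login page.
    pending_id = secrets.token_urlsafe(16)
    PENDING[pending_id] = path
    return "login", {"pending_id": pending_id}
```

With this design the link can sit in browser history or be copied: after logout, or on another machine, requesting it yields the login page.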