
Scenario: a user searches for something and gets a link to a sub-page on a site, proceeds to go there, but is asked to sign up/log in. They do so, but once they are logged in they are redirected to the main page or the "mobile" version of the site, as opposed to the page they were originally intending to view.

Is there any sort of security reason for this, or is it just lazy programming, or something else?

user2813274

2 Answers

1

This practice of resuming the original request after authentication is sometimes called "bookmarking," because it allows users to bookmark specific parts of a site and "go there" by way of the login process.

When bookmarking isn't available, it's usually a sign that the site wasn't designed or architected to allow it. For example, if authentication is detected and enforced by a border device (like a Web Application Firewall), then the redirection to the login page may take place there, leaving the back-end application without any indication of what the initial target was.

In this case it would be a security-related decision - it is the imposition of the WAF that restricts the choices of the application. Similar limitations can also occur solely within the application, if it isn't designed to maintain that state through the login process, in which case it wouldn't be a security-related limitation.

gowenfawr
0

Is there any sort of security reason for this, or is it just lazy programming, or something else?

There is no security reason for it, as long as the website doesn't take user input and then redirect them there without any input validation.

The only thing I can see here is just poor design. I mean, the customer was already interested in a product; instead of taking him there, you are taking him somewhere else. This is not just lazy programming but might also result in fewer sales.

yeah_well
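The two answers above make complementary points: the first, that "bookmarking" only works if the application carries the original target through the login step; the second, that a return-to parameter is only safe if it is validated, otherwise the login page becomes an open redirect. The following is an added example (not code from either answer or from any particular site) showing a login flow that does both. The route names (`/login`, `/products/...`), the `next` parameter name and the session dictionary are assumptions for illustration.

```python
"""Resume the originally requested page after login ("bookmarking")
without turning the return-to parameter into an open redirect.

Added example for this thread; the paths, the session dict and the
`next` parameter name are assumed for illustration.
"""
from urllib.parse import urlsplit, urlencode, parse_qs

DEFAULT_TARGET = "/"     # where to land when no safe target is known
LOGIN_PATH = "/login"


def safe_return_target(candidate, default=DEFAULT_TARGET):
    """Accept `candidate` only if it is a same-site absolute path.

    Anything a browser could interpret as a different origin is
    rejected: absolute URLs (https://evil.example), scheme-relative
    URLs (//evil.example, and ///evil.example, which browsers collapse
    to //evil.example), backslash variants (/\\evil.example, normalised
    to // by browsers) and control characters such as tab or newline
    that some URL parsers silently strip before parsing.
    """
    if not candidate:
        return default
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in candidate):
        return default
    if "\\" in candidate:
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    # Never bounce the user straight back into the login page itself.
    if parts.path == LOGIN_PATH:
        return default
    # Re-assemble path + query only; the fragment is never sent to the
    # server, so there is no reason to forward one.
    return parts.path + ("?" + parts.query if parts.query else "")


def require_login_redirect(requested_path, session):
    """Called when an anonymous user hits a protected page.

    The target is kept in the server-side session (which the user
    cannot tamper with) and also echoed as ?next= so that a bookmarked
    login link still works when the session is gone.
    """
    session["return_to"] = requested_path
    return LOGIN_PATH + "?" + urlencode({"next": requested_path})


def finish_login(session, login_query_string):
    """Called after credentials are verified; returns the redirect target.

    Prefers the session copy, then the ?next= parameter, then the site
    root. Every candidate passes through safe_return_target(), because
    a session value may itself have been seeded from a crafted link.
    """
    target = session.pop("return_to", None)
    if target is None:
        params = parse_qs(login_query_string)
        target = params.get("next", [None])[0]
    return safe_return_target(target)


if __name__ == "__main__":
    session = {}
    login_url = require_login_redirect("/products/42?ref=search", session)
    print(login_url)
    print(finish_login(session, login_url.split("?", 1)[1]))
    # A pasted login link carrying a hostile next= and no session state:
    print(finish_login({}, "next=//evil.example/phish"))
```

The session copy is what makes the first answer's "bookmarking" work across a form post that never sees the original URL; the validation in `safe_return_target()` is the input validation the second answer calls for. Note that the check is an allow-list (must be a single-slash absolute path on this site), not a block-list of known bad prefixes, which is why the `///` and backslash variants fall out naturally.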