Hiding parameters on url with nginx

Question

I have a website with this kind of adresses:

www.mydomain.com/user/userprofile/[userprofile1]?r=[login]&w=[encryptedpassword]

ie:

www.mydomain.com/user/userprofile/toto?r=reqqfdvca&w=skvlsqmg www.mydomain.com/user/userprofile/titi?r=re45a&w=slkvldfgmg www.mydomain.com/user/userprofile/tutu?r=reqq0krgca&w=s46893ls etc...

the parameters are important because there are credentials to access the website but I would like my adresses to look like:

www.mydomain.com/user/userprofile/toto www.mydomain.com/user/userprofile/titi www.mydomain.com/user/userprofile/tutu etc...

I'm new with nginx, and my english is not perfect so please excuse my mistakes, also I'm not familiar at all with regex (that's why I'm writing this url-rewriting question). but please does anyone have an idea on how to do that?

thanks

---

The point is that I'm afraid it won't be possible to POST these vars. I mean: to access my website each user may scan a QR code. This QR code contain a shortened url that redirect to this kind of url (those with credential) My joomla website detects credential in the url and automaticaly logs the user in.

That's why i would like to hide this vars

Answer 1

You should pass those parameters in a hidden format using either POST or SESSIONS. They appear in the address because they are being passed using a GET request, it's good for debugging but not for long term use as they are easily copied and make it easy for someone to login as someone else.

Using POST or SESSIONS will make the URL appear as you want.

HTTP Methods: GET vs. POST