--- loncom/interface/lonmsgdisplay.pm	2022/01/19 15:04:15	1.197
+++ loncom/interface/lonmsgdisplay.pm	2023/09/15 22:32:46	1.200
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines for messaging display
 #
-# $Id: lonmsgdisplay.pm,v 1.197 2022/01/19 15:04:15 raeburn Exp $
+# $Id: lonmsgdisplay.pm,v 1.200 2023/09/15 22:32:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -111,6 +111,7 @@ use Apache::loncommunicate;
 use Apache::lonfeedback;
 use Apache::lonrss();
 use Apache::lonselstudent();
+use Apache::lonenc();
 use lib '/home/httpd/lib/perl/';
 use LONCAPA qw(:DEFAULT :match);
 
@@ -2503,12 +2504,16 @@ sub displaymessage {
                               $showsymb,$env{'user.domain'},$env{'user.name'});
                 if ($symb) {
                     if ($encrypturl =~ /^yes$/i && !$env{'request.role.adv'}) {
-                        $showsymb = &Apache::lonenc::check_encrypt($symb);
+                        unless ($showsymb =~ m{^/enc/}) {
+                            $showsymb = &Apache::lonenc::encrypted($showsymb);
+                        }
                     }
                     $symblink = '?symb='.$showsymb;
                 }
                 if ($encrypturl =~ /^yes$/i && !$env{'request.role.adv'}) {
-                    $showurl = $baseurl;
+                    unless ($showurl =~ m{^/enc/}) {
+                        $showurl = &Apache::lonenc::encrypted($showurl);
+                    }
                 }
                 $r->print(&Apache::lonhtmlcommon::row_title(&mt('Refers to'))
                          .'<a href="'.$showurl.$symblink.'">'.$restitle.'</a>'
@@ -2702,9 +2707,10 @@ sub displayresource {
      && (&Apache::lonnet::allowed('vgr',$content{'courseid'}))) {
         my $symb;
         if (defined($content{'symb'})) {
-            $symb = $content{'symb'};
-        } else { 
-	    $symb=&Apache::lonnet::symbread($content{'baseurl'});
+            $symb = &Apache::lonenc::check_decrypt($content{'symb'});
+        } elsif (defined($content{'baseurl'})) {
+            $symb =
+                &Apache::lonnet::symbread(&Apache::lonenc::check_decrypt($content{'baseurl'}));
         }
 # Could not get a symb, give up
 	unless ($symb) { return $content{'citation'}; }
@@ -3264,9 +3270,24 @@ sub handler {
          'sendreply','compose','sendmail','critical','recname','recdom',
          'recordftf','sortedby','folder','startdis','interdis',
 	 'showcommentbaseurl','dismode','group','subject','text','ref',
-         'msgstatus']);
+         'msgstatus','btoken']);
     $sqs='&amp;sortedby='.$env{'form.sortedby'};
 
+# ----------- Check if access was from balancer to server with existing session
+
+    if ($env{'form.btoken'}) {
+        my %info = &Apache::lonnet::tmpget($env{'form.btoken'});
+        &Apache::lonnet::tmpdel($env{'form.btoken'});
+        delete($env{'form.btoken'});
+        unless ($env{'form.display'}) {
+            if (($info{'display'}) && ($info{'mailrecip'})) {
+                if (&unescape($info{'mailrecip'}) eq $env{'user.name'}.':'.$env{'user.domain'}) {
+                    $env{'form.display'} = &unescape($info{'display'});
+                }
+            }
+        }
+    }
+
 # ------------------------------------------------------ They checked for email
     &Apache::lonnet::put('email_status',{'recnewemail'=>0});