POST method and HTTP-REFER

  • Thread starter Jay Janarthanan
  • Start date
J

Jay Janarthanan

We have a application which allows other authorized sites to send users to
our site...when the user is sent to us, user info is sent to us as a hidden
Form variable and we use the HTTP-REFER variable to make sure the user is
coming from an approved site. Now I understand the user of HTTP-REFER is not
a good idea, is there any other ways to validate where a user is coming
from.

Jay
 
J

Jay Janarthanan

Thanks...but we need to know where the user came from. HTTP_REFER is good,
but some time older browsers don't support it. We found the support around
96%., but for me the biggest worry is the security and since HTTP_REFER is
at Layer7, it can be spoofed a lot easily.

Jay



You can use the REMOTE_ADDR server variable to get the
users IP adress and use it instead of HTTP_REFER.
But the only way to get the page a user came from is with
the HTTP_REFER..

/Fredrik Normén NSQUARED2
http://www.nsquared2.net
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Trying to figure out http request POST phrasing 1
May I post a link to our graduate research project concerning Java Concurrency? 0
How to submit form after calling curl post 4
Telegram bot api 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Need tips on adding an auth layer to an existing webapp 1
PYTHON HTTP POST 3
HTTP Post Request 7

Members online

Total: 28 (members: 2, guests: 26)
Robots: 458

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top