Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Getting the url of referring page

by Anonymous Monk
on Jul 19, 2002 at 22:13 UTC ( #183474=perlquestion: print w/replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Is there a way to get the url of the page that was used to link to a cgi script, thus checking and allowing only users to use the functionality of the cgi script if they've come from a specific desired page of the site. Thanks

Replies are listed 'Best First'.
Re: Getting the url of referring page
by dws (Chancellor) on Jul 19, 2002 at 22:50 UTC
    Is there a way to get the url of the page that was used to link to a cgi script, ...

    Yes, but not reliably. If the referring page is passed to the web server, it will be available to the CGI in $ENV{HTTP_REFERER}. If you're using, the referer() function will return this value.

    The problem is that a few paranoid firewalls will strip the Referer: header from the HTTP request, so you're not guaranteed to get one from 100% of the browsers that might hit your site.

Re: Getting the url of referring page
by ichimunki (Priest) on Jul 19, 2002 at 22:35 UTC
    Is there a way? Yes.

    It looks a bit like:

    #!/usr/bin/perl -w use strict; use CGI; my $C = CGI->new; if($C->referer eq 'some URL'){ process_page(); } else{ bounce_page(); }
    Suggested reading: perldoc CGI

    update: I should've mentioned what dws mentions below, that referer is not always present or accurate (although one can make a case for why browsers should *not* strip/alter this header). Your other solution is to generate a session ID or form key on the originating page (as a hidden field) that must be submitted along with the form or used as part of the URL. But that will only work if you are using forms, not just plain links. You might be able to get it to work with some JavaScript trickery, but to my way of thinking that's worse than simply denying access to people who munge referer headers.

      This could be done rather simply with a cookie, as well. Then you don't have to worry about whether or not your user is navigating through forms or links. Of course, if they have cookies turnes off, you're outta gas.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://183474]
Approved by ichimunki
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (5)
As of 2018-04-23 00:20 GMT
Find Nodes?
    Voting Booth?