Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Obtaining requesting form's URL?

by ashisht (Acolyte)
on Mar 22, 2004 at 20:56 UTC ( #338764=perlquestion: print w/replies, xml ) Need Help??

ashisht has asked for the wisdom of the Perl Monks concerning the following question:

Dear Perl Monks,

Is it possible for a Perl-CGI script to determine what was the URL of the form where the user clicked 'submit' to reach the script?

That is, when a user submits my form at http://abc/searchForm2.cgi, the script executed is http://xyz/searchFiles.cgi. Now, within searchFiles.cgi, is it possible for me to determine that the submitting form was http://abc/searchForm2.cgi?


Replies are listed 'Best First'.
Re: Obtaining requesting form's URL?
by tinita (Parson) on Mar 22, 2004 at 21:21 UTC
    yes you can, like it was said, by adding a hidden field.
    using HTTP_REFERER is not recommendable (can be anything the browser wants it to be, is often not set at all and can be faked). hidden fields can be faked, too, but here is my question to you: what do you need that for?
    if it's for security reasons, and you need to make sure that the calling site is a specific one, then you have to use something more complex like session ids.
    if it's just useful but it's not dangerous for your application if the referring site is faked, then use the hidden field.
    if it's just for fun, use $ENV{HTTP_REFERER}
      To expand on the more secure session key format, you can tuck away the location of the form that was last accessed (generated) in your app and then when a post happens and the session ID is valid you know where the last display of information came from. If you have a more complicated site that has complex structure you can add to a "queue" like array that keeps the last lets say 10 generated page locations in the session and the form portion of the app can loop through the array and see if an acceptable page to generate the form is in the list.

      Another option is a flag, in this scenario you have a pair of generated form page and POST processors, when the session is accessed in such a way where the form generating section of code is called, a flag is set in the session. Then when the form is posted back to the app you can check to make sure the flag has been set and clear it to force the same path in the future. If the flag is not set you can error out and force the correct path to happen. This should help reduce the problem of tabbed viewing with the same session.

Re: Obtaining requesting form's URL?
by tcf22 (Priest) on Mar 22, 2004 at 21:00 UTC
    You should be able to use the environmnet variable HTTP_REFERER.

    if($ENV{HTTP_REFERER} eq 'http://abc/searchForm2.cgi'){ # Do whatever }

    - Tom

      As often posted, referers aren't too reliable (I for one turned "Send Referrer" off in my browser).

      Another solution (not too reliable neither) could be to add a hidden field in the form with the URL, or script name. Or analyze your webbrowser's access log (may be overkill, but probably works best).


      All code is usually tested, but rarely trusted.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://338764]
Approved by b10m
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (3)
As of 2022-01-17 23:19 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (52 votes). Check out past polls.