Re: $ENV{HTTP_REFERER} Problem on a Windows Client

by fruiture (Curate)
on May 24, 2004 at 12:03 UTC ( #355872=note )

in reply to $ENV{HTTP_REFERER} Problem on a Windows Client

The "Referer" is something you can NEVER rely on. It's completely up to the user-agent whether it is sent at all and what's in it. Even if the referer was your script1.cgi, that would not mean that the user has ever triggered that URL: it might be, but the user might also trick you. IE seems to treat JavaScript redirects as something without a referer; that's up to it and OK, just as it is OK when Mozilla thinks otherwise.

If you want to make sure your second script is run, you must not rely on the client: JavaScript is not supported by all browsers and not activated by all users, HTML redirects (http-equiv="refresh") may be ignored, as well as a Status 301/302/303 HTTP redirect. You must solve the problem within the server. Maybe by using exec, or do, or require, or by turning script2.cgi into a Perl module and using that module from script1.cgi ...
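The server-side hand-off suggested above, as an added example that is not part of the original post: the second step lives in a module and is called directly, and a Referer check is run beside it on constructed request environments to show why it cannot decide anything. The names `Step2`, `step1`, `referer_check` and the `example.invalid` URL are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: a constructed sketch, not code from the thread.
use strict;
use warnings;

# Hypothetical module standing in for script2.cgi turned into a Perl module.
package Step2 {
    # Reached only through a call from server-side code; its input arrives
    # as an argument, not from anything the browser sends.
    sub run {
        my (%args) = @_;
        die "Step2::run needs a session id\n" unless defined $args{session_id};
        return "step 2 done for session $args{session_id}";
    }
}

package main;

# A Referer check of the kind discussed in the thread (hypothetical form).
# It trusts a request header that the client chooses to send or omit.
sub referer_check {
    my ($env) = @_;
    return ( $env->{HTTP_REFERER} // '' ) =~ m{/script1\.cgi$} ? 1 : 0;
}

# Step 1 finishes its own work, then calls step 2 in the same process.
# No redirect is sent, so browser redirect behaviour plays no part.
sub step1 {
    my ($session_id) = @_;
    # ... the work of script1.cgi would go here ...
    return Step2::run( session_id => $session_id );
}

# Constructed request environments (sample data, not captured traffic).
my %cases = (
    'redirect without Referer'   => {},
    'Referer supplied by client' =>
        { HTTP_REFERER => 'http://example.invalid/cgi-bin/script1.cgi' },
);
for my $name ( sort keys %cases ) {
    printf "%-28s referer_check=%d\n", $name, referer_check( $cases{$name} );
}

# The server-side call gives the same result whatever headers were sent.
print step1('constructed-session-id'), "\n";
```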

Re: Re: $ENV{HTTP_REFERER} Problem on a Windows Client
by soon_j (Scribe) on May 24, 2004 at 12:11 UTC

    I am using it as a "crude" way to sort of detect if a session id is called directly or from a script. I am trying to avoid session replaying or hijacking by trying to determine if the session id is validly passed from the script or not.

    Though my session ids expire after "n" minutes, if the session is replayed within the "n" period, this is still possible, but this is not what I wanted. Do you have some sort of "sanity check" suggestions?
