By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,161 Members | 1,091 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,161 IT Pros & Developers. It's quick & easy.

HTTP_REFERER question

P: n/a
On our web site we allow our members access to features hosted by another
web site. The way the other web site authenticates users is to check the
value of the HTTP_REFERER. If it comes from our Login.asp page it lets them
in. When our users login to go to the other site, they login on our site's
Login.asp page. When they click submit, our LoginCheck.asp page validates
them and does a response.redirect to the other site. In most cases the
other site sees the HTTP_REFERER as Login.asp (I guess because the
LoginCheck.asp is doing a redirect and HTTP_REFERER doesn't work with
redirects). But in some case the other site is seeing nothing in the
HTTP_REFERER. My question is why would there not be a value in the
HTTP_REFERER object? If anyone can help I would appeciate it.
Jul 22 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
there are clients (webbrowsers) that do not sent HTTP_REFERER. some clients
even allow you to change the referer value. doing an authentication based on
http referer ist about the weakest security you can have. basically you
could as well just put the link on your page without any login :-)

- thomas
"M Smith" <ms****@avma.org> wrote in message
news:O0**************@TK2MSFTNGP12.phx.gbl...
On our web site we allow our members access to features hosted by another
web site. The way the other web site authenticates users is to check the
value of the HTTP_REFERER. If it comes from our Login.asp page it lets
them
in. When our users login to go to the other site, they login on our
site's
Login.asp page. When they click submit, our LoginCheck.asp page validates
them and does a response.redirect to the other site. In most cases the
other site sees the HTTP_REFERER as Login.asp (I guess because the
LoginCheck.asp is doing a redirect and HTTP_REFERER doesn't work with
redirects). But in some case the other site is seeing nothing in the
HTTP_REFERER. My question is why would there not be a value in the
HTTP_REFERER object? If anyone can help I would appeciate it.

Jul 22 '05 #2

P: n/a
> redirects). But in some case the other site is seeing nothing in the
HTTP_REFERER. My question is why would there not be a value in the
HTTP_REFERER object?


Because it is totally up to the browser to send it or not.
http://www.aspfaq.com/2169
Jul 22 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.