468,248 Members | 1,464 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,248 developers. It's quick & easy.

Page referer not getting set

Hi All,

I do web design for some small organizations, and one of the sites I have
set up takes online conference registrations. Now, most of the time it
works. In fact, every time I try it, it works fine.

However, after having many complaints about it not working right, I finally
discovered that some of my users do not have the page referer set when they
request my page, and I was checking on the form submission page to make sure
that the referer was the correct page.

What could cause people to not have their referer set? What is the solution
for this sort of problem? Just don't check the referer?

-Josh
Jul 17 '05 #1
5 2492

On 13-Feb-2004, "Joshua Beall" <jb****@donotspam.remove.me.heraldic.us>
wrote:
I do web design for some small organizations, and one of the sites I have
set up takes online conference registrations. Now, most of the time it
works. In fact, every time I try it, it works fine.

However, after having many complaints about it not working right, I
finally
discovered that some of my users do not have the page referer set when
they
request my page, and I was checking on the form submission page to make
sure
that the referer was the correct page.

What could cause people to not have their referer set? What is the
solution
for this sort of problem? Just don't check the referer?


Some browsers and many of the popup blockers allow the user to block the
referrer making it undependable.

--
Tom Thackrey
www.creative-light.com
tom (at) creative (dash) light (dot) com
do NOT send email to ja*********@willglen.net (it's reserved for spammers)
Jul 17 '05 #2
On Sat, 14 Feb 2004, Joshua Beall wrote:
What could cause people to not have their referer set? What is the solution
for this sort of problem? Just don't check the referer?


The specs?

Take a look at section 15.1.13 of RFC 2616:

: ...it is strongly recommended that the user be able to select whether or
: not the Referer field is sent.

<http://www.w3.org/Protocols/2616/rfc2616-sec15.html#sec15.1.3>

It has always been an optional field. Relying on the referer to be set to
some particular URI(s) you expect them to arrive from will break people
trying to link to your page[0] from elsewhere, and your pages from working
at all for some users. In general, this is poor practice.

I've also seen institutional browsers sometimes set to always send the same
fixed Referer, so just checking non-blank Referers will hurt some folk too.

0 - loosely. Really whatever you're returning from the script, be it page,
image or whatever else.

--
ash
a-k
.... Why is there so much month left at the end of the money?

Jul 17 '05 #3
"Ash Argent-Katwala" <as*@videdot.com> wrote in message
news:Pi**************************************@tung sten.doc.ic.ac.uk...
On Sat, 14 Feb 2004, Joshua Beall wrote:
What could cause people to not have their referer set? What is the solutionfor this sort of problem? Just don't check the referer? Take a look at section 15.1.13 of RFC 2616:

: ...it is strongly recommended that the user be able to select whether or
: not the Referer field is sent.


Hmm, good point.
It has always been an optional field. Relying on the referer to be set to
some particular URI(s) you expect them to arrive from will break people
trying to link to your page[0]


Well, you do not always want your pages to be linked from elsewhere, so that
is not a really good reason to not use it. But obviously the fact that it
is considered optional is reason enough, indeed.

Thanks!
Jul 17 '05 #4
Ash Argent-Katwala wrote:
I've also seen institutional browsers sometimes set to always send the same
fixed Referer,


This seems silly to me. Nowhere in RFC2616 says that fake referrer
information can be sent by the client.

--
Jock
Jul 17 '05 #5
On Mon, 16 Feb 2004, John Dunlop wrote:
This seems silly to me. Nowhere in RFC2616 says that fake referrer
information can be sent by the client.


Indeed. I'm just not sure I want to poke people in the eye for having it
configured that way (when it's likely their network/systems admin who's
done that to their setup and they can't necessarily do anything about it).

--
ash
a-k
.... Have you noticed how we only win the World Cup under a Labour government?

Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Mike Brearley | last post: by
3 posts views Thread by Des | last post: by
1 post views Thread by Raed Sawalha | last post: by
2 posts views Thread by TR | last post: by
6 posts views Thread by scottyman | last post: by
5 posts views Thread by Bill Davidson | last post: by
reply views Thread by NPC403 | last post: by
reply views Thread by kermitthefrogpy | last post: by
reply views Thread by zattat | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.