[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

HTTP_Referer HELP

Posted on 2003-11-24
2
Medium Priority
?
850 Views
Last Modified: 2012-03-15
Hi All,
I have an Asp page test.asp for which one parameter needs to be passed for eg id=2  so to access the page in correct way the URL would be xyz.com/test.asp?id=2     Now the ID can be 2,3,4 etc ect It is generated dynamically.I dont want users to modify the ID in the address bar hence  I am checking whether request.serverVariable("HTTP_REFERER")<>""   and if it is <>"" then I am processing the page.

I am mailing the link xyz.com/test.asp?id=2 to the customer so if the users have hotmail account,yahoo account or for that matter any web based email account and the customer clicks on the above link the value returned by request.serverVariable("HTTP_REFERER") is not null (unless the customer modifies the ID in the address bar intentionally) .But if the customer has an exchange account for eg if my email lands in outlook express ot microsoft outlook  then the value returned by request.serverVariable("HTTP_REFERER") is null even thought the customer dint play with the the id in the Address bar . I dont want that to hapen .
Is there any solution to this problem Or is there any other alternative way?

Thanks for help
Ken
0
Comment
Question by:fdbtydh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 1

Accepted Solution

by:
d0zerz earned 375 total points
ID: 9813128
I don't see how you're going to fix the referer problem from outlook, but I would prevent users from modifying the id with a session variable storing the id...something like this:

if strcomp(Request.QueryString("id"),session("id")) <> 0 _
 and not isNull(session("id")) then
  'error (user has modified ID)
elseif isNull(session("id")) then
  'User hasn't been assigned a sessionID yet
  '...assign an inital one
end if

I'm not sure exactly what kind of permissions you need with id, but you're going to have to come up with something to assign the session("id") initially when they come back from the email client...Probably in a similar way that you're assigning URL ids.  This could enforce that a user can only access a certain page if they have a session("id") AND it matches with the URL id.

I could probably come up with something better if I had some idea of the page "flow" and what you're trying to prevent them from doing :)
0
 

Author Comment

by:fdbtydh
ID: 9983323
I have used session variables and it worked .

Keny
http://www.houstonoptical.com 
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question