zeroreality
asked on
ServerVariables("HTTP_REFERER") = null when using HTTP, but not on HTTPS
This is by far the oddest bug I've ever encountered.
Our site is used with both HTTP and HTTPS (where HTTPS is for users who log in). This means that HTTP is used as the default except on certain pages that need to be secure (like the cart/checkout). Our setup for purchasing works in a simple way; each page that actually adds/modifies a product contains a Response.Redirect(url) at the end so the page is never seen by the browser. On each of these pages however, we trap for outside requests/POSTs for security reasons.
now the fun part.
When using HTTP, the Request.ServerVariables("H TTP_REFERE R") is null. the HTTP_REFERER object is also not part of ALL_HTTP either. The basic effect is that anyone not logged in now cannot order anything because the modifier page does not detect that the request is coming from a friendly page.
Here is the ALL_HTTP when using HTTP:
HTTP_CONNECTION:Keep-Alive
HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpo int, application/vnd.ms-excel, application/msword, application/x-shockwave-fl ash, */*
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_ACCEPT_LANGUAGE:en-us
HTTP_COOKIE:ASPSESSIONIDCQ ATSTTA=GIO BCOCAPFPLB FJHPJLIFCJ K; SID=9858567887025044399209 22680162
HTTP_HOST:www.baka.ca
HTTP_USER_AGENT:Mozilla/4. 0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
Switch to HTTPS, and the Request.ServerVariables("H TTP_REFERE R") returns a proper value. So anyone who logs in CAN order products because the request page is properly detected.
Here is the ALL_HTTP when using HTTPS:
HTTP_CONNECTION:Keep-Alive
HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpo int, application/vnd.ms-excel, application/msword, application/x-shockwave-fl ash, */*
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP_ACCEPT_LANGUAGE:en-us
HTTP_COOKIE:ASPSESSIONIDCQ ATSTTA=GIO BCOCAPFPLB FJHPJLIFCJ K; SID=9858567887025044399209 22680162
HTTP_HOST:www.baka.ca
HTTP_REFERER:http://www.baka.ca/test/referer.asp?3%2F30%2F2004+12%3A36%3A38+PM
HTTP_USER_AGENT:Mozilla/4. 0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
You can view my test page at http://www.baka.ca/test/referer.asp
The page contains 2 links at the bottom that switch between HTTP and HTTPS. The HTTP_REFERER is bold and in red so you can't miss it (done through code). I also removed a the PATH_TRANSLATED and APPL_PHYSICAL_PATH intentionally (through code).
The question is, What is causing this error/problem and/or How do I solve it?
Our site is used with both HTTP and HTTPS (where HTTPS is for users who log in). This means that HTTP is used as the default except on certain pages that need to be secure (like the cart/checkout). Our setup for purchasing works in a simple way; each page that actually adds/modifies a product contains a Response.Redirect(url) at the end so the page is never seen by the browser. On each of these pages however, we trap for outside requests/POSTs for security reasons.
now the fun part.
When using HTTP, the Request.ServerVariables("H
Here is the ALL_HTTP when using HTTP:
HTTP_CONNECTION:Keep-Alive
HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpo
HTTP_ACCEPT_ENCODING:gzip,
HTTP_ACCEPT_LANGUAGE:en-us
HTTP_COOKIE:ASPSESSIONIDCQ
HTTP_HOST:www.baka.ca
HTTP_USER_AGENT:Mozilla/4.
Switch to HTTPS, and the Request.ServerVariables("H
Here is the ALL_HTTP when using HTTPS:
HTTP_CONNECTION:Keep-Alive
HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpo
HTTP_ACCEPT_ENCODING:gzip,
HTTP_ACCEPT_LANGUAGE:en-us
HTTP_COOKIE:ASPSESSIONIDCQ
HTTP_HOST:www.baka.ca
HTTP_REFERER:http://www.baka.ca/test/referer.asp?3%2F30%2F2004+12%3A36%3A38+PM
HTTP_USER_AGENT:Mozilla/4.
You can view my test page at http://www.baka.ca/test/referer.asp
The page contains 2 links at the bottom that switch between HTTP and HTTPS. The HTTP_REFERER is bold and in red so you can't miss it (done through code). I also removed a the PATH_TRANSLATED and APPL_PHYSICAL_PATH intentionally (through code).
The question is, What is causing this error/problem and/or How do I solve it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
can i know if you managed to get http_refferal working from a https domain ?
ASKER
ive tested it from home now and you're right... no issues. so it has to be some kind of issue from our machines at work.
thanx for the advice, ill take it to heart :)