Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442
  • Last Modified:

ASP.NET - what was the previous page (referrer)?

I have an ecommerce app in ASP.NET which goes off to a secure site to take credit card details. The secure site sends the user back to one of my pages if the details are entered successfully, and that page converts the shopping cart into a firm order.

I don't want anyone simply entering the URL of that page, as it would try to create the order without the user first having supplied card details. One way would be to detect whether the previous page was the secure site or not. It if it was, I proceed, if not, I redirect them to the checkout page or an error page.

Is this a good approach? How do I do it?
0
crescendo
Asked:
crescendo
  • 2
1 Solution
 
dfiala13Commented:
That's one way to do it. There are not a lot of great options when you send off your user to another site.

Does your payment vendor send you back any token in the redirect that indicates who the user was?

But back to your question...

Yes, you can check the Request.UrlReferrer value in your pageload and if you don't like the URL redirect to another page.

if Request.UrlReferrer <> "Https://blablah.com" then
       Response.Redirect = "another Url"
End if

Note this can be a bit of a trial and error approach if you look for an exact page in the URL.

The other option, is to add a session variable that indicates you sent the user of to the payment site.  Check for the presence of the variable when the page is accessed.  If not there, redirect as above.
0
 
ScrptMastaCommented:
I'm with the above comments as it pertains to loading up a session variable. However this isn't going to work if there are 2 web sites involved as each different site will setup a new session. Session variables are private to the app and we have two apps here.

I would suggest having a hidden label on the form that comes up after the secure page sends the user back. Then send an the url referrer and if it matches what the hidden label equals then, yada,yada.....
0
 
crescendoAuthor Commented:
Hi

The remote site isn't under my control and just redirects back to a page I specify. I could include stuff in the URL, but I'm looking for ways to avoid the possibility of the user keying in or bookmarking the URL, so that wouldn't help too much.

The UrlReferrer code shown by difiala13 does the trick, so he gets the coconut. And I'm now thinking of ditching the external site and writing something myself!

Thanks

0
 
dfiala13Commented:
BTW,
If you can dynamically have them include somthing in the return URL to your site, I'd create a unique token (GUID is easy) and have the pay site  include it in the return URL and store it in a session var on your site.  When the return call comes and you are happy with the referer check that the GUID supplied by the pay site matches the GUID in session.  You can kill the token after the first successful match or it will die when the session expires.

Dim g as Guid = new Guid()

Session("PayToken") = g

Send off to Pay site with intructions to return g in the URL.

if Request.UrlReferrer = "Https://blablah.com" then
    gRecd = CType(Request.QueryString("g"), Guid)
    gToken = CType(Session("PayToken"), Guid)
   if gRecd <> gToken then
        Response.Redirect = "another Url"
   End if
  Else
       Response.Redirect = "another Url"
End if
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now