Solved

ASP.NET - what was the previous page (referrer)?

Posted on 2004-04-08
Medium Priority
441 Views
Last Modified: 2008-02-01
I have an ecommerce app in ASP.NET which goes off to a secure site to take credit card details. The secure site sends the user back to one of my pages if the details are entered successfully, and that page converts the shopping cart into a firm order.

I don't want anyone simply entering the URL of that page, as it would try to create the order without the user first having supplied card details. One way would be to detect whether the previous page was the secure site or not. If it was, I proceed; if not, I redirect them to the checkout page or an error page.

Is this a good approach? How do I do it?
Question by:crescendo
4 Comments
 
LVL 12

Accepted Solution

by:
dfiala13 earned 2000 total points
ID: 10782581
That's one way to do it. There are not a lot of great options when you send off your user to another site.

Does your payment vendor send you back any token in the redirect that indicates who the user was?

But back to your question...

Yes, you can check the Request.UrlReferrer value in your pageload and if you don't like the URL redirect to another page.

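' UrlReferrer is a Uri; it is Nothing when the browser sends no Referer header
Dim referrer As Uri = Request.UrlReferrer
If referrer Is Nothing OrElse referrer.Scheme <> Uri.UriSchemeHttps OrElse _
   Not String.Equals(referrer.Host, "blablah.com", StringComparison.OrdinalIgnoreCase) Then
       Response.Redirect("another Url")
End If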

Note this can be a bit of a trial and error approach if you look for an exact page in the URL.

The other option is to add a session variable that indicates you sent the user off to the payment site. Check for the presence of the variable when the page is accessed. If not there, redirect as above.
0
 
LVL 7

Expert Comment

by:ScrptMasta
ID: 10785383
I'm with the above comments as it pertains to loading up a session variable. However this isn't going to work if there are 2 web sites involved as each different site will setup a new session. Session variables are private to the app and we have two apps here.

I would suggest having a hidden label on the form that comes up after the secure page sends the user back. Then send the url referrer and if it matches what the hidden label equals then, yada, yada.....
0
 
LVL 9

Author Comment

by:crescendo
ID: 10785494
Hi

The remote site isn't under my control and just redirects back to a page I specify. I could include stuff in the URL, but I'm looking for ways to avoid the possibility of the user keying in or bookmarking the URL, so that wouldn't help too much.

The UrlReferrer code shown by dfiala13 does the trick, so he gets the coconut. And I'm now thinking of ditching the external site and writing something myself!

Thanks

0
 
LVL 12

Expert Comment

by:dfiala13
ID: 10828045
BTW,
If you can dynamically have them include something in the return URL to your site, I'd create a unique token (GUID is easy) and have the pay site include it in the return URL and store it in a session var on your site. When the return call comes and you are happy with the referer, check that the GUID supplied by the pay site matches the GUID in session. You can kill the token after the first successful match or it will die when the session expires.

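Dim g As Guid = Guid.NewGuid()   ' New Guid() would give the all-zero GUID every time

Session("PayToken") = g

Send off to Pay site with instructions to return g in the URL.

Dim referrer As Uri = Request.UrlReferrer
If referrer IsNot Nothing AndAlso referrer.Scheme = Uri.UriSchemeHttps AndAlso _
   String.Equals(referrer.Host, "blablah.com", StringComparison.OrdinalIgnoreCase) Then
    ' Compare as strings so a missing or malformed "g" cannot throw or match by default
    Dim gRecd As String = Request.QueryString("g")
    Dim gToken As String = Convert.ToString(Session("PayToken"))
    If String.IsNullOrEmpty(gToken) OrElse _
       Not String.Equals(gRecd, gToken, StringComparison.OrdinalIgnoreCase) Then
        Response.Redirect("another Url")
    End If
Else
    Response.Redirect("another Url")
End If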
0
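The single-use token check described in the comment above, as an added example (not code from the thread): it shows the token being killed after the first successful match, so a bookmarked or re-typed return URL is rejected. Assumptions: the Dictionary stands in for the ASP.NET Session, the module and function names are hypothetical, and a value from the cryptographic RNG is used in place of the GUID, since a GUID is designed to be unique rather than unpredictable.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography

Module PayTokenExample
    ' Constructed stand-in for the ASP.NET Session object (assumption for this example).
    Private ReadOnly session As New Dictionary(Of String, String)

    ' Call just before redirecting the user to the payment site;
    ' the returned value is what the pay site is asked to echo back as "g".
    Function IssueToken() As String
        Dim bytes(15) As Byte                      ' 16 random bytes
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(bytes)
        End Using
        Dim token As String = BitConverter.ToString(bytes).Replace("-", "")
        session("PayToken") = token
        Return token
    End Function

    ' Call on the return page with Request.QueryString("g").
    Function RedeemToken(ByVal received As String) As Boolean
        Dim expected As String = Nothing
        If Not session.TryGetValue("PayToken", expected) Then Return False
        If received Is Nothing OrElse received.Length <> expected.Length Then Return False
        ' Compare every character so timing does not depend on where a mismatch occurs.
        Dim diff As Integer = 0
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (AscW(expected(i)) Xor AscW(received(i)))
        Next
        If diff <> 0 Then Return False
        session.Remove("PayToken")                 ' kill the token after the first match
        Return True
    End Function

    Sub Main()
        Console.WriteLine(RedeemToken("anything")) ' URL typed in before any checkout
        Dim token As String = IssueToken()
        Console.WriteLine(RedeemToken(Nothing))    ' return URL without the token
        Console.WriteLine(RedeemToken(token))      ' genuine return from the pay site
        Console.WriteLine(RedeemToken(token))      ' same URL bookmarked and replayed
    End Sub
End Module
```

Only the third call succeeds. Unlike the Referer header, which the browser supplies and may omit, the expected token lives in server-side session state.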


Question has a verified solution.
