Solved

Referer information lost on re-direct

Posted on 2004-08-22
7
329 Views
Last Modified: 2008-03-03
I am doing this
header('location:'.$newurl);

to make a php page do a re-direct to a new url, but when the new page is displayed it dosnt have any referer.

Any ideas on how to make sure referer is always set? Is there a header function to set the referer?

0
Comment
Question by:wildzero
  • 4
  • 2
7 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 11865912
the referer is unreliable anyway so as a general rule avoid using it, in these situations i usually advise using the sessions work around.

first page:

session_start();
$_SESSION['ref'] = $_SERVER['PHP_SELF'];


checking page:

session_start();
if (!isset($_SESSION['ref'])) {
 //referer is not set
}

you can alternatively check the value stored in the session too if you are checking multiple pages, eg.

session_start();
if (isset($_SESSION['ref']) && $_SESSION['ref'] == "/yourreferingpage.php") {
 //referer is set and is valid
}

make sure session_start(); is always at the top of your page
0
 
LVL 10

Author Comment

by:wildzero
ID: 11866113
The page that it is getting sent to is on another server so i can't do sessions. Referers is the best way and it works perfect, but when you re-direct with header('location......... it loses the data

0
 
LVL 27

Accepted Solution

by:
Diablo84 earned 125 total points
ID: 11866404
As far as im aware the information should be retained none the less, even so i still would not advise trusting the referer as it is set client side and can be blocked from being sent so there will be cases where it will not be set, quote from the manual:

"The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted."

That said you could use a modification of the above code using cookies instead of sessions, example:

first page:

$ref = $_SERVER['PHP_SELF'];
setcookie("ref", $ref, time()+3600, "/", ".domain.com");

checking page:

if (isset($_COOKIE['ref']) && $_COOKIE['ref'] == "http://www.yourdomain.com/yourreferingpage.php") {
 //referer is set and is valid
}
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 10

Author Comment

by:wildzero
ID: 11866433
Still dosn't quite solve it, as some of the pages it redirects to I can't alter the page. Simple testing shows that header:location removed the referer.....

I thought there could have been a header:referer that could be set..... or somthing.
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11866444
I just done a test here

a.php

<?php
header("location: b.php");
?>

b.php

<?php
echo $_SERVER['HTTP_REFERER'];
?>

and b.php produces http://localhost/ - the referer so the header does not remove it
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11866469
heres my last idea for this one, and is probably even less practical then the previous suggestions

include the file on the second server in a file on the first server with restrictions, example:

server a file (called inc.php for example):

include('http://serverB.com/page.php');

top of page.php on server b

if ($_SERVER['HTTP_HOST'] != "http://serverA.com" || $_SERVER['PHP_SELF'] != "/inc.php") {
 die ("you cannot access this file directly");
}
0
 
LVL 2

Expert Comment

by:nsstone
ID: 11899449
Can you pass the referrer along in another variable (like a hidden input variable) and use it even if it isn't any longer strictly $_REFERRER?
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Move wordpress site 3 41
Cannot call a static method on an Eloquent object 6 33
Loop through multiple arrays 13 29
Showing random records from database 10 37
Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question