Solved

How can I find out where a user has come from when they use GET?

Posted on 2004-08-31
5
209 Views
Last Modified: 2010-03-04
How can I find the URL or file name of the page last visited by a user that uses a GET request method?  For example, if someone makes a PHP script using this code:

header("Location: http://www.myDomain.com/mainMenu.php");

How can detect if they went straight to the main menu and by-passed the login page?
There's no 'HTTP_REFERER' evironment variable like there is when a POST is used.

Thanks,
bmh
ps. Can this be done w/o using cookies?
0
Comment
Question by:bmh777
  • 3
  • 2
5 Comments
 
LVL 4

Expert Comment

by:chipple
ID: 11949050
HTTP_REFERER is also present for GET requests, but only when the user agent supports it and when it's available (e.g. if the user really accesses mainMenu.php directly then there's no HTTP_REFERER, whether the request is GET or POST).
0
 

Author Comment

by:bmh777
ID: 11949204
How can you go directly to a page using POST?

I went to a PHP page using my above example and by typing the complete url in my browser, both are GET requests and neither one had a HTTP_REFERER.  I did this for NN 7.1 and IE 6.  When is HTTP_REFERER present for a GET request?
0
 
LVL 4

Expert Comment

by:chipple
ID: 11949254
It's present when you click a link or are redirected, but if the user is coming from nowhere before the redirect then there may be no HTTP_REFERER.

Scenario #1

1. User is at http://www.experts-exchange.com/
2. User clicks http://www.myDomain.com/RedirectToMainMenu.php (GET request with HTTP_REFERER set to "http://www.experts-exchange.com/")
3. User is redirected to http://www.myDomain.com/mainMenu.php (GET request with HTTP_REFERER still set to "http://www.experts-exchange.com/" because of redirection)

Scenario #2

1. User accesses http://www.myDomain.com/RedirectToMainMenu.php directly (GET request, blank HTTP_REFERER)
2. User is redirected to http://www.myDomain.com/mainMenu.php (GET request, blank HTTP_REFERER)

That's the way redirection works, it itself has nothing to do with whether the request contains a HTTP_REFERER or not.
0
 

Author Comment

by:bmh777
ID: 11949352
So with that said, how can I detect if a user went straight to the main menu and by-passed the login page?  And,  how can you go directly to a page using POST?
0
 
LVL 4

Accepted Solution

by:
chipple earned 75 total points
ID: 11949392
If there's no HTTP_REFERER, then the user either went straight to the main menu, or the user doesn't have a browser that supports HTTP_REFERER [correctly].
If that's not enough, you'll have to use cookies, session, etc.

You can't go directly to a page using POST with a regular Web browser. You can however do POST requests using script, like this example:

$fp = fsockopen("www.myDomain.com",80);
fwrite($fp,'POST /mainMenu.php HTTP/1.0
Host: www.myDomain.com'."\n\n");
$buf = "";
whlie (!feof($fp)) $buf .= fred($fp,0x1000);
fclose($fp);

Good luck.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

806 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question