Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I find out where a user has come from when they use GET?

Posted on 2004-08-31
5
Medium Priority
?
214 Views
Last Modified: 2010-03-04
How can I find the URL or file name of the page last visited by a user that uses a GET request method?  For example, if someone makes a PHP script using this code:

header("Location: http://www.myDomain.com/mainMenu.php");

How can detect if they went straight to the main menu and by-passed the login page?
There's no 'HTTP_REFERER' evironment variable like there is when a POST is used.

Thanks,
bmh
ps. Can this be done w/o using cookies?
0
Comment
Question by:bmh777
  • 3
  • 2
5 Comments
 
LVL 4

Expert Comment

by:chipple
ID: 11949050
HTTP_REFERER is also present for GET requests, but only when the user agent supports it and when it's available (e.g. if the user really accesses mainMenu.php directly then there's no HTTP_REFERER, whether the request is GET or POST).
0
 

Author Comment

by:bmh777
ID: 11949204
How can you go directly to a page using POST?

I went to a PHP page using my above example and by typing the complete url in my browser, both are GET requests and neither one had a HTTP_REFERER.  I did this for NN 7.1 and IE 6.  When is HTTP_REFERER present for a GET request?
0
 
LVL 4

Expert Comment

by:chipple
ID: 11949254
It's present when you click a link or are redirected, but if the user is coming from nowhere before the redirect then there may be no HTTP_REFERER.

Scenario #1

1. User is at http://www.experts-exchange.com/
2. User clicks http://www.myDomain.com/RedirectToMainMenu.php (GET request with HTTP_REFERER set to "http://www.experts-exchange.com/")
3. User is redirected to http://www.myDomain.com/mainMenu.php (GET request with HTTP_REFERER still set to "http://www.experts-exchange.com/" because of redirection)

Scenario #2

1. User accesses http://www.myDomain.com/RedirectToMainMenu.php directly (GET request, blank HTTP_REFERER)
2. User is redirected to http://www.myDomain.com/mainMenu.php (GET request, blank HTTP_REFERER)

That's the way redirection works, it itself has nothing to do with whether the request contains a HTTP_REFERER or not.
0
 

Author Comment

by:bmh777
ID: 11949352
So with that said, how can I detect if a user went straight to the main menu and by-passed the login page?  And,  how can you go directly to a page using POST?
0
 
LVL 4

Accepted Solution

by:
chipple earned 300 total points
ID: 11949392
If there's no HTTP_REFERER, then the user either went straight to the main menu, or the user doesn't have a browser that supports HTTP_REFERER [correctly].
If that's not enough, you'll have to use cookies, session, etc.

You can't go directly to a page using POST with a regular Web browser. You can however do POST requests using script, like this example:

$fp = fsockopen("www.myDomain.com",80);
fwrite($fp,'POST /mainMenu.php HTTP/1.0
Host: www.myDomain.com'."\n\n");
$buf = "";
whlie (!feof($fp)) $buf .= fred($fp,0x1000);
fclose($fp);

Good luck.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month7 days, 15 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question