• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 920
  • Last Modified:

a servlet/jsp question and HTTP_REFERER

i have a jsp authentication form that posts to a servlet.
if the authentication fails(ie bad username) i want to send back message to the calling jsp.

i was going to use HTTP_REFERER and just send the message back to HTTP_REFERER , but i have been doing some reading and it appears that HTTP_REFERER  is not dependable. That some tools like norton will block this

so does any but know this for sure and how do other people handle this. For now i have a myreferer hidden in the jsp, but seems a little kludgy

Thanks for any help
Randy
0
paries
Asked:
paries
  • 6
  • 5
  • 2
1 Solution
 
CEHJCommented:
You could use Ajax and thus not only be able to send a message to the caller, but do it without leaving the caller
0
 
pariesAuthor Commented:
yeah thats ok, but i am having all sorts of wonderful security problems with alot of my customers so ajax is only an option, which means you still have to write for the browsers that will not run ajax.

thanks
0
 
colr__Commented:
Or you could simply post back to the calling JSP with a url paramater that states that the login failed.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
pariesAuthor Commented:
correct, but the question is , what is the best way to post back to the calling jsp?
0
 
pariesAuthor Commented:
how do i know what the calling jsp is?
0
 
CEHJCommented:
You could make clients pass themselves as referer explicitly as one of the post params
0
 
pariesAuthor Commented:
k that i how this post started. That is exactly what i am doing now.
"For now i have a myreferer hidden in the jsp, but seems a little kludgy" I guess i should have said
"For now i have a myreferer as a hidden in the jsp, but seems a little kludgy"
0
 
CEHJCommented:
Well what i'm suggesting is user interaction. What you're suggesting sounded like hard-coding...
0
 
pariesAuthor Commented:
ok i am confused
how do i "make clients pass themselves as referer explicitly as one of the post params"
0
 
colr__Commented:
<input type="hidden" name="referrer" value="thisPage.jsp" />
0
 
CEHJCommented:
Try doing something like this in the onsubmit handler of the form

function submitForm() {
    document.forms[0].username.value = ...
    document.forms[0].password.value = ...
    document.forms[0].referer.value = document.location;
    return true;
}

..............

<input type="hidden" name="referer" value="" >
0
 
CEHJCommented:
Or rather

document.forms[0].referer.value = document.location.href;
0
 
CEHJCommented:
:-)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 6
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now