We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

a servlet/jsp question and HTTP_REFERER

paries
paries asked
on
Medium Priority
943 Views
Last Modified: 2013-11-24
i have a jsp authentication form that posts to a servlet.
if the authentication fails(ie bad username) i want to send back message to the calling jsp.

i was going to use HTTP_REFERER and just send the message back to HTTP_REFERER , but i have been doing some reading and it appears that HTTP_REFERER  is not dependable. That some tools like norton will block this

so does any but know this for sure and how do other people handle this. For now i have a myreferer hidden in the jsp, but seems a little kludgy

Thanks for any help
Randy
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2016

Commented:
You could use Ajax and thus not only be able to send a message to the caller, but do it without leaving the caller

Author

Commented:
yeah thats ok, but i am having all sorts of wonderful security problems with alot of my customers so ajax is only an option, which means you still have to write for the browsers that will not run ajax.

thanks

Commented:
Or you could simply post back to the calling JSP with a url paramater that states that the login failed.

Author

Commented:
correct, but the question is , what is the best way to post back to the calling jsp?

Author

Commented:
how do i know what the calling jsp is?
CERTIFIED EXPERT
Top Expert 2016

Commented:
You could make clients pass themselves as referer explicitly as one of the post params

Author

Commented:
k that i how this post started. That is exactly what i am doing now.
"For now i have a myreferer hidden in the jsp, but seems a little kludgy" I guess i should have said
"For now i have a myreferer as a hidden in the jsp, but seems a little kludgy"
CERTIFIED EXPERT
Top Expert 2016

Commented:
Well what i'm suggesting is user interaction. What you're suggesting sounded like hard-coding...

Author

Commented:
ok i am confused
how do i "make clients pass themselves as referer explicitly as one of the post params"

Commented:
<input type="hidden" name="referrer" value="thisPage.jsp" />
CERTIFIED EXPERT
Top Expert 2016

Commented:
Try doing something like this in the onsubmit handler of the form

function submitForm() {
    document.forms[0].username.value = ...
    document.forms[0].password.value = ...
    document.forms[0].referer.value = document.location;
    return true;
}

..............

<input type="hidden" name="referer" value="" >
CERTIFIED EXPERT
Top Expert 2016
Commented:
Or rather

document.forms[0].referer.value = document.location.href;

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2016

Commented:
:-)
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.