desmondg

Request.ServerVariables ("HTTP_REFERER") is null

I had my web hosting people put a link on my page that should send visitors to another asp page.  I try to ensure that the second page is not accessed except through the first page by putting the following code in the second page:

<%
' Send the visitor back to the first page unless the Referer header names it
If Request.ServerVariables("HTTP_REFERER") <> "firstpage" Then
     Response.Redirect("firstpage")
End If
%>

The problem is that Request.ServerVariables ("HTTP_REFERER") is null even when I click on the link that was put on my first page.

Should this be so?  If not, what could be the problem?
ASKER CERTIFIED SOLUTION
kevp75

desmondg

ASKER

Is there some workaround to ensure that the visitors go through the right channels?
Not unless you are sitting with the client at all times...
SOLUTION
ddrudik

Kevp75's comment that there is no great way to do this is basically correct.  Ddrudik provided one method that could work.  A similar one would be to use a cookie.  Have page 1 make a cookie and test for it at the start of page 2.  If the cookie doesn't exist with the value then redirect to page 1.  However, like with session variables, this depends on the browser and cookies being enabled.  You would have to decide how important this is and if it is worth requiring cookies and possibly not working for some visitors.

You can find info on making and reading cookies at http://www.w3schools.com/asp/asp_cookies.asp.  Let me know if you need more details.

Let me know if you have a question.

bol
Thank you all for your comments.  
Well it seems like I was the only one that didn't contribute anything earlier. ;-)   I will just make a quick observation of the URL suggestion to hopefully make up for that.  It is a good suggestion but it can easily be "fooled" by the visitor using the querystring in the URL to the second page.  Since it is the querystring it is pretty obvious and part of a bookmark if your second page is one that would be bookmarked.  That may not be a concern in this case but I thought it was worth mentioning.  It is a good suggestion though and I definitely don't mean to detract from it or the others. :)

bol
b0lsc0tt,

You certainly contributed earlier except that I thought (perhaps wrongly) that the use of session variables and cookies are very similar, conceptually.

And thanks very much for your comment on the URL suggestion.  I had considered this myself and came to pretty much the same conclusions as you did.

One quick observation,  however.  I am using the http_referrer on other links in the 'chain' and it seems to me that it works consistently on all the links for which it actually works and fails consistently also.  In fact it fails only on the link on our home page hosted by an outside provider.  The other links in the chain are on our web server and it seems to work consistently there.

Could the failure be somehow due to the web server software and that perhaps if our hosting people would upgrade/change their software that may remedy the problem?  Just a thought...
And another point.  How do people ensure that you log in to access their services rather than go directly to the services page?  I was told once, on this very forum, that the http_referrer variable was used to ensure this.
Thanks!  I'm glad to know I helped a bit. :)

>> the use of session variables and cookies are very similar, <<

True.  There is a difference but it is minor and I would usually use session variables over cookies.  Since session variables had already been suggested I just wanted to mention an alternative even if it is one I consider less appealing.

>> Could the failure be somehow due to the web server software and that perhaps if our hosting people would upgrade/change their software that may remedy the problem? <<

Most likely it is server related.  This might be intentional though and done for "security" reasons.  If that is the case then an upgrade won't fix it and the company won't change it.  It won't hurt to mention it and ask though.

bol
>> How do people ensure that you log in to access their services rather than go directly to the services page? <<

It is a common way to do it but just not fool-proof.  If the page really requires authentication (i.e. some type of login) then that will prevent anyone from going to it without logging in.  However in this case it is just a normal page.  You can use the server script methods mentioned to try to control when it is accessed but they rely on the server, the browser and/or the client's settings to work.

In this case the server is having a problem but the browser is also an important part of getting the referrer.  That can be spoofed or just not supported which would bypass the check or cause it to fail.  Cookies and even session variables depend on the browser and client settings so might not work.

If this is really part of a login then I would say it is more common to use session variables and cookies.  The referrer can be used and might even be important for a part of it but usually isn't the most important part.  If the browser or client settings make it so cookies or session variables don't work then at least they will fail and not be permitted access.  Basically you require those things.

I hope this helps.  Let me know if you have a question about something I said.  If you do have more follow up questions on this then open a new question and post the URL here to let us know.

bol
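
The session-variable check discussed in this thread, written out as an added example (it is not code from any of the posts above). It assumes both pages are served by the same ASP application with session state enabled; the file names `firstpage.asp` and `secondpage.asp`, the session key `SawFirstPage` and the ten-minute limit are hypothetical choices.

```asp
<%
' ---- firstpage.asp (hypothetical name): top of the entry page ----
' Record on the server that this visitor has loaded the first page.
' The value is stored in the ASP session, not sent by the browser, so the
' visitor cannot supply it the way a Referer header or query string is supplied.
Session("SawFirstPage") = Now()
%>
<a href="secondpage.asp">Continue</a>

<%
' ---- secondpage.asp (hypothetical name): top of the second page ----
' Must run before any output is written, otherwise Response.Redirect fails
' unless response buffering is on.
Const MAX_AGE_SECONDS = 600   ' assumed policy: the pass is valid for 10 minutes

Dim stamp, allowed
stamp = Session("SawFirstPage")   ' Empty if the first page was never loaded
allowed = False

If IsDate(stamp) Then
    ' Accept only a recent visit to the first page
    If DateDiff("s", stamp, Now()) <= MAX_AGE_SECONDS Then
        allowed = True
    End If
End If

If Not allowed Then
    ' No session, expired stamp, or cookies disabled: the check fails closed
    ' and the visitor is sent back to the entry page.
    Response.Redirect "firstpage.asp"
End If
%>
<p>Content of the second page.</p>
```

A visitor whose browser rejects the session cookie is always redirected, which is the "fail and not be permitted access" behaviour described above. If the first page is hosted on a different server, it cannot set this session value and the check has no way to pass.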