| Re: $referrer = $_SERVER['HTTP_REFERER'] echo [message #181979 is a reply to message #181976] |
Fri, 28 June 2013 20:46   |
Christoph Michael Bec
Messages: 207
Registered: June 2013
Karma:
|
Senior Member |
|
|
Jerry Stuckle wrote:
> On 6/28/2013 4:03 PM, Twayne wrote:
>> On 2013-06-28 3:26 PM, Jerry Stuckle wrote:
>>> It is supplied by the user, and like anything user-supplied, can easily
>>> be spoofed. And some people don't even send it (I've heard Norton has
>>> an option to strip it, but haven't confirmed that fact).
>>
>> No, it is NOT supplied by the user in this case. It is supplied by the
>> server of my website, and the only information I'm interested in is
>> whether the visitor came from the proper page on my website; nothing
>> else shall pass. You've said nothing to change my mind, but thanks
>> anyway.
>
> Check again. HTTP_REFERER is supplied by the CLIENT. The server has no
> idea where the page was called from.
ACK. See RFC 2616 section 14.36.[1]
>> Thanks for the response, even if it was rather lacking in any detail
>> that I found useful.
>
> Then I would suggest you get some more education. Try running the HTTP
> Headers extension under Firefox - you will find the value being sent by
> the browser.
If sending the refer(r)er header has not been disabled.[2]
[1] <http://www.ietf.org/rfc/rfc2616.txt>
[2] <http://www.technipages.com/firefox-enable-disable-referrer.html>
--
Christoph M. Becker
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]