HTTP_REFERER not there when coming from an ASP Response.Redirect

[Drebin]

I am retrofitting a central login application and want to be able to read
the Request.ServerVariables["HTTP_REFERER"] so that when they have logged
on, I can send them back to wherever they were trying to go..

If you try to load a legacy ASP app, I do this:

If Len(SessionID) <> 40 Then
Response.Redirect "/WAS/Default.aspx?AppCode=2400"
End If

On Default.aspx, I go so far as do this:

foreach (string s in Request.ServerVariables.AllKeys)
{
Response.Write(s + "=[" + Request.ServerVariables + "]<br>");
}

HTTP_REFERER is blank. If I had a <a href="Default.aspx">click</a> on that
same page, then referer fills in. Why can I not see the HTTP_REFERER in this
scenario??

Also, I tried instead of the Response.Redirect, doing something like:

<script>
window.location.href='/WAS/Default.asp?AppCode=2400';
</script>

Just in case Response.Redirect sends some wacky header that is throwing off
ASP.NET??

I'm really jammed up and running WAY behind - any insight greatly
appreciated, thanks!!

 

[John Saunders]

I am retrofitting a central login application and want to be able to read
the Request.ServerVariables["HTTP_REFERER"] so that when they have logged
on, I can send them back to wherever they were trying to go..

If you try to load a legacy ASP app, I do this:

If Len(SessionID) <> 40 Then
Response.Redirect "/WAS/Default.aspx?AppCode=2400"
End If

On Default.aspx, I go so far as do this:

foreach (string s in Request.ServerVariables.AllKeys)
{
Response.Write(s + "=[" + Request.ServerVariables + "]<br>");
}

HTTP_REFERER is blank. If I had a <a href="Default.aspx">click</a> on that
same page, then referer fills in. Why can I not see the HTTP_REFERER in
this
scenario??

Also, I tried instead of the Response.Redirect, doing something like:

<script>
window.location.href='/WAS/Default.asp?AppCode=2400';
</script>

Just in case Response.Redirect sends some wacky header that is throwing
off
ASP.NET??

I'm really jammed up and running WAY behind - any insight greatly
appreciated, thanks!!

The Referrer header isn't guaranteed to be there. Your code will have to be
able to handle that case.

 

[clintonG]

A value returned by a click event is the only way to
populate the HTTP_REFERER variable with data.

--
<%= Clinton Gallagher, "Twice the Results -- Half the Cost"
Architectural & e-Business Consulting -- Software Development
NET (e-mail address removed)
URL http://www.metromilwaukee.com/clintongallagher/

I am retrofitting a central login application and want to be able to read
the Request.ServerVariables["HTTP_REFERER"] so that when they have logged
on, I can send them back to wherever they were trying to go..

If you try to load a legacy ASP app, I do this:

If Len(SessionID) <> 40 Then
Response.Redirect "/WAS/Default.aspx?AppCode=2400"
End If

On Default.aspx, I go so far as do this:

foreach (string s in Request.ServerVariables.AllKeys)
{
Response.Write(s + "=[" + Request.ServerVariables + "]<br>");
}

HTTP_REFERER is blank. If I had a <a href="Default.aspx">click</a> on that
same page, then referer fills in. Why can I not see the HTTP_REFERER in
this
scenario??

Also, I tried instead of the Response.Redirect, doing something like:

<script>
window.location.href='/WAS/Default.asp?AppCode=2400';
</script>

Just in case Response.Redirect sends some wacky header that is throwing
off
ASP.NET??

I'm really jammed up and running WAY behind - any insight greatly
appreciated, thanks!!

The Referrer header isn't guaranteed to be there. Your code will have to be
able to handle that case.

 

[Drebin]

But I've used this zillions of times with traditional ASP. For example, if
you navigate to /App1/ or /App2/ or /App3/ - they all check for the
existence of a cookie, if it's not there it redirects you to /Login/ - after
that app has authenticated you, it sends you back from whence you came!!

I understand there is the exclusively .NET alternative of doing Forms
authentication, but these apps are traditional ASP. Why does this no longer
work???????

A value returned by a click event is the only way to
populate the HTTP_REFERER variable with data.

--
<%= Clinton Gallagher, "Twice the Results -- Half the Cost"
Architectural & e-Business Consulting -- Software Development
NET (e-mail address removed)
URL http://www.metromilwaukee.com/clintongallagher/

I am retrofitting a central login application and want to be able to
read
the Request.ServerVariables["HTTP_REFERER"] so that when they have logged
on, I can send them back to wherever they were trying to go..

If you try to load a legacy ASP app, I do this:

If Len(SessionID) <> 40 Then
Response.Redirect "/WAS/Default.aspx?AppCode=2400"
End If

On Default.aspx, I go so far as do this:

foreach (string s in Request.ServerVariables.AllKeys)
{
Response.Write(s + "=[" + Request.ServerVariables + "]<br>");
}

HTTP_REFERER is blank. If I had a <a href="Default.aspx">click</a> on that
same page, then referer fills in. Why can I not see the HTTP_REFERER in
this
scenario??

Also, I tried instead of the Response.Redirect, doing something like:

<script>
window.location.href='/WAS/Default.asp?AppCode=2400';
</script>

Just in case Response.Redirect sends some wacky header that is throwing
off
ASP.NET??

I'm really jammed up and running WAY behind - any insight greatly
appreciated, thanks!!

The Referrer header isn't guaranteed to be there. Your code will have to be
able to handle that case.

 

[Drebin]

But I've used this zillions of times with traditional ASP. For example, if
you navigate to /App1/ or /App2/ or /App3/ - they all check for the
existence of a cookie, if it's not there it redirects you to /Login/ - after
that app has authenticated you, it sends you back from whence you came!!

I understand there is the exclusively .NET alternative of doing Forms
authentication, but these apps are traditional ASP. Why does this no longer
work???????

A value returned by a click event is the only way to
populate the HTTP_REFERER variable with data.

--
<%= Clinton Gallagher, "Twice the Results -- Half the Cost"
Architectural & e-Business Consulting -- Software Development
NET (e-mail address removed)
URL http://www.metromilwaukee.com/clintongallagher/

I am retrofitting a central login application and want to be able to
read
the Request.ServerVariables["HTTP_REFERER"] so that when they have logged
on, I can send them back to wherever they were trying to go..

If you try to load a legacy ASP app, I do this:

If Len(SessionID) <> 40 Then
Response.Redirect "/WAS/Default.aspx?AppCode=2400"
End If

On Default.aspx, I go so far as do this:

foreach (string s in Request.ServerVariables.AllKeys)
{
Response.Write(s + "=[" + Request.ServerVariables + "]<br>");
}

HTTP_REFERER is blank. If I had a <a href="Default.aspx">click</a> on that
same page, then referer fills in. Why can I not see the HTTP_REFERER in
this
scenario??

Also, I tried instead of the Response.Redirect, doing something like:

<script>
window.location.href='/WAS/Default.asp?AppCode=2400';
</script>

Just in case Response.Redirect sends some wacky header that is throwing
off
ASP.NET??

I'm really jammed up and running WAY behind - any insight greatly
appreciated, thanks!!

The Referrer header isn't guaranteed to be there. Your code will have to be
able to handle that case.

 

[John Saunders]

But I've used this zillions of times with traditional ASP. For example, if
you navigate to /App1/ or /App2/ or /App3/ - they all check for the
existence of a cookie, if it's not there it redirects you to /Login/ -
after that app has authenticated you, it sends you back from whence you
came!!

I understand there is the exclusively .NET alternative of doing Forms
authentication, but these apps are traditional ASP. Why does this no
longer work???????

Because you never tested adequately enough to realize that it wasn't
actually working all the time.

You can't depend on the browser to do everything you want it to do. The
browser sets the Referrer header, or else decides not to. If you always want
the information you were getting in HTTP_REFERRER, then you need to include
it as a query string parameter or post it from a hidden field or send it in
a cookie:

on sender.aspx:
<a href="sent.aspx?referrer=sender.aspx">

 

[Drebin]

John,

Thanks - but no, there are a couple of apps that have THOUSANDS of users and
have been running for a couple years and I've never had a single problem
(using this technique in ASP)!!!

The reason why your alternative isn't ideal, is my method handles if someone
went to a particular url. For example, if you tried to navigate to:

http://someserver/someapp/InvoiceDetail.asp?acct=12345&sort=qty&someothervars=crap

After you've been validated, I just Response.Redirect you back to that ugly
URL. I don't have to worrry about URL Encoding the path, etc.. it's doing
double the work. I *KNOW* that on this particular page, the user will always
be coming from another web app.

Philosophy aside, this was something that used to work and is reasonable to
expect to work in .NET - and I'm just trying to get to the bottom of *why*
it doesn't work or if there is an equivalent (aside from manually passing
the URL)?

Thanks!

 

[John Saunders]

John,

Thanks - but no, there are a couple of apps that have THOUSANDS of users
and
have been running for a couple years and I've never had a single problem
(using this technique in ASP)!!!

"It's worked for years" is not the same thing as "we tested all functions
under all conditions and they all worked".

The reason why your alternative isn't ideal, is my method handles if
someone
went to a particular url. For example, if you tried to navigate to:

http://someserver/someapp/InvoiceDetail.asp?acct=12345&sort=qty&someothervars=crap

After you've been validated, I just Response.Redirect you back to that
ugly
URL. I don't have to worrry about URL Encoding the path, etc.. it's doing
double the work. I *KNOW* that on this particular page, the user will
always
be coming from another web app.

Philosophy aside, this was something that used to work and is reasonable
to
expect to work in .NET - and I'm just trying to get to the bottom of *why*
it doesn't work or if there is an equivalent (aside from manually passing
the URL)?

I'm sorry, I thought that had been made clear. HTTP_REFERRER comes from the
Referrer header in the request. If the browser or other user agent on the
clientdoesn't set the Referrer header, then you won't be able to read it on
the server.

You'll need to find out under what circumstances the browser is not setting
the Referrer header, then see if you can narrow it down: is it always sent
by one browser or browser version but not by another? Is it not being sent
for some buttons or links but is being sent for the others?

At any rate, unless you control the clients, you can't mandate that the
browser always send you this particular header. This is why you should have
a "Plan B".

John Saunders

 

[Drebin]

I'm sorry, I thought that had been made clear. HTTP_REFERRER comes from the
Referrer header in the request. If the browser or other user agent on the
clientdoesn't set the Referrer header, then you won't be able to read it on
the server.

You'll need to find out under what circumstances the browser is not setting
the Referrer header, then see if you can narrow it down: is it always sent
by one browser or browser version but not by another? Is it not being sent
for some buttons or links but is being sent for the others?

At any rate, unless you control the clients, you can't mandate that the
browser always send you this particular header. This is why you should have
a "Plan B".

This is a completely captive audience, a corporate intranet application -
ALL clients (without a single exception) are WinXP Pro, IE 6 and I
absolutely control *how* a user gets to this site, it will always have a
referer..... well... should have one I can read!!

This isn't so much a browser compatibility problem, these are the same
workstations trying to do the same thing - the difference being that this is
an ASP.NET trying to read HTTP_REFERER instead of ASP

And this is consistently NOT working, all the time and from several
different machines.

Thanks though...

 

[John Saunders]

This is a completely captive audience, a corporate intranet application -
ALL clients (without a single exception) are WinXP Pro, IE 6 and I
absolutely control *how* a user gets to this site, it will always have a
referer..... well... should have one I can read!!

This isn't so much a browser compatibility problem, these are the same
workstations trying to do the same thing - the difference being that this
is
an ASP.NET trying to read HTTP_REFERER instead of ASP

And this is consistently NOT working, all the time and from several
different machines.

I'm sorry, but you're probably wrong.

You seem to be suggesting that IE6 always puts a Referrer header on every
request, but that ASP.NET is incapable of reading it, whereas ASP can read
it. That seems unlikely.

If you can look at the requests with a network monitor of some kind, you
would be able to confirm whether or not the Referrer header is being sent.
You could also take a look at Request.Headers to see if it's there.

If the header is reaching ASP but not ASP.NET, then the question is why not?
Are ASP and ASP.NET on different machines (so that some network, proxy or
firewall issue could be causing the problem). Are there ISAPI modules or
HttpModules set up for ASP.NET which are not set up for ASP?

Also, you should get back to basics on this one. Create a trivial web site
(WebApplication1.aspx) and see if it receives the header. If it doesn't,
then you'll know that the reason has nothing to do with the application. If
it does, then you'll know that the reason has to do with your application or
its setup.

Also, does this fail on development machines, or just production?

 

[Drebin]

If it does, then you'll know that the reason has to do with your
application or its setup.

BINGO!! And we've come full circle. This works with ASP to ASP, but not ASP
to ASP.NET and to be clear, if you Response.Redirect from an ASP page to
another one (I wrote, with nothing special) - I can absolutely, positively
gaurantee referer will be filled in. I have used this method dozens of time
without a single incident of failure. I would bet a months salary on it*.
This is a controlled/internal/intranet environment.

Also, does this fail on development machines, or just production?

I've only done this on one machine.

All I'm asking - let me be clear, does anyone know anything that is handled
differently with ASP.NET in regards to the HTTP_REFERER??? thanks



*please note, salary will not really be bet - expression used for emphasis

 

[Greg Burns]

This works with ASP to ASP, but not ASP to ASP.NET and to be clear, if you

Response.Redirect from an ASP page to another one (I wrote, with nothing
special) - I can absolutely, positively gaurantee referer will be filled
in.

I just created to classic asp pages...

page1.asp:

<% response.Redirect "page2.asp" %>

page2.asp:

<% response.Write Request.ServerVariables("HTTP_REFERER") %>

Page2 outputs nothing when opened from redirect like this. It does display
page if gotten to from a hyperlink.

Like John said, you should get back to basics. Try this test yourself and
see what happens. I've never worked with classic asp much, so maybe I did
something wrong...

PS: Request.UrlReferrer maybe a simpler way to get
Request.ServerVariables("HTTP_REFERER")

Greg

 

[John Saunders]

I just created to classic asp pages...

page1.asp:

<% response.Redirect "page2.asp" %>

page2.asp:

<% response.Write Request.ServerVariables("HTTP_REFERER") %>

Page2 outputs nothing when opened from redirect like this. It does
display page if gotten to from a hyperlink.

Like John said, you should get back to basics. Try this test yourself and
see what happens. I've never worked with classic asp much, so maybe I did
something wrong...

Drebin,

You're not getting it. Get down to the basic question: "is the Referrer
header being sent to your ASP.NET application?" Forget about
Request.ServerVariables("HTTP_REFERER") . All that does is show what's in
the header. The header is what you should be looking at.

If you see that the header is being sent to ASP.NET, yet
Request.ServerVariables("HTTP_REFERER") is blank, THEN you should worry
about ASP.NET doing something different.

And, BTW, a lot of people use Request.ServerVariables("HTTP_REFERER") in
ASP.NET, and it works. ASP.NET has been out for about three years - this
would have been fixed by now if it didn't work for anyone at all.

In other words, "yes, it's just you".

 

[Alex Homer]

Turn on tracing for the page and look at the trace information to see if the
referrer is in the headers?

<%Page Language="whatever" Trace="True" %>

 

[John Saunders]

Drebin,

Any luck with this?

John Saunders

 

[slyi .]

Could you use something like
Response.ContentType = "application/vnd.ms-excel"

eg: Response.Referrer = "targetpage.aspx"