HTTP_REFERER question

M

M Smith

On our web site we allow our members access to features hosted by another
web site. The way the other web site authenticates users is to check the
value of the HTTP_REFERER. If it comes from our Login.asp page it lets them
in. When our users login to go to the other site, they login on our site's
Login.asp page. When they click submit, our LoginCheck.asp page validates
them and does a response.redirect to the other site. In most cases the
other site sees the HTTP_REFERER as Login.asp (I guess because the
LoginCheck.asp is doing a redirect and HTTP_REFERER doesn't work with
redirects). But in some case the other site is seeing nothing in the
HTTP_REFERER. My question is why would there not be a value in the
HTTP_REFERER object? If anyone can help I would appeciate it.
 
T

Thomas

there are clients (webbrowsers) that do not sent HTTP_REFERER. some clients
even allow you to change the referer value. doing an authentication based on
http referer ist about the weakest security you can have. basically you
could as well just put the link on your page without any login :)

- thomas
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

HTTP_REFERER Returns Nothing 1
Get HTTP_REFERER in popup 4
Hit redirection & HTTP_REFERER 1
HTTP_REFERER not there when coming from an ASP Response.Redirect 15
Request.ServerVariables("HTTP_REFERER") - What is going on? 9
An embeddable job widget showing job listings discussion of an approach 0
Shared login authentication between two domains?! 1
eCommerce & search engines incompatibility problem 2

Members online

No members online now.
Total: 99 (members: 1, guests: 98)
Robots: 102

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top