[nycphp-talk] using $_SERVER['HTTP_REFERER']
Chris Shiflett
shiflett at php.net
Fri Mar 5 17:08:48 EST 2004
--- Aaron Fischer <agfische at email.smith.edu> wrote:
> I am working on a page right now that uses HTTP_REFERER to make sure
> that the user is coming from a specific page. It seems to be working
> pretty well except for one little hiccup involving the back button:
There are more problems with this approach than the one you've observed,
but that is another discussion I suppose...
> Scenario:
> The user clicks from the referrer page to my page and is let in OK.
> When they are done they leave and go somewhere else. However, if they
> choose to hit the back button they are let into my page again. I would
> like to know how I can prevent this from happening?
With a standards-compliant browser, you shouldn't be able to. As a
standards-conscious developer, you shouldn't want to.
From section 13.13 of RFC 2616:
In particular history mechanisms SHOULD NOT try to show a semantically
transparent view of the current state of a resource. Rather, a history
mechanism is meant to show exactly what the user saw at the time when
the resource was retrieved.
Hope that helps.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming mid-2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/