[nycphp-talk] using $_SERVER['HTTP_REFERER']
Adam Maccabee Trachtenberg
adam at trachtenberg.com
Fri Mar 5 16:29:43 EST 2004
On Fri, 5 Mar 2004, Aaron Fischer wrote:
> I am working on a page right now that uses HTTP_REFERER to make sure
> that the user is coming from a specific page. It seems to be working
> pretty well except for one little hiccup involving the back button:
>
> Scenario:
> The user clicks from the referrer page to my page and is let in OK.
> When they are done they leave and go somewhere else. However, if they
> choose to hit the back button they are let into my page again. I would
> like to know how I can prevent this from happening?
I can't solve your specific problem, but HTTP_REFERER is really easy
to fake, so don't be relying on this in general as a secure method of
protection against anything or anyone.
-adam
--
adam at trachtenberg.com
author of o'reilly's php cookbook
avoid the holiday rush, buy your copy today!
More information about the talk
mailing list