NYCPHP Meetup

[felix zaslavskiy]

I think you are trying to come to a solution in the wrong way.

First you should not ever rely on HTTP_REFERER because some browsers
dont even choose to sent them or a proxy is stripping them so i would
not have any of my app's logic rely on the REFERER header.

Second you should not worry about sites that your appliation does not
control. If you are not the guy who sent the user the html page so then
it should not be up to you to decide if the user cannot go back to that
page.

I can see a case where its resonable to wipe the browsers history for
your application only. I never had a  needed to do this but here is a
few ideas you may try.  Some of them may not work.
1. Put your app in a popup , probably not a good idea.
2. Use javascript and manipulate the history object, but make sure you
are nice and dont wipe the history you did not create.
3. Let all your application requests go through same url , maybe some
browsers dont add a history for that.
4. Use 304 redirects because browsers wont add those to history. I am
not sure where this would be useful though.



-- 
felix[at]bebinary.com
http://www.zaslavskiy.net/