Getting the URL of referer

statbat
05-29-2002, 10:25 PM
Hi,

I am making a shopping cart. For security, I need to know where the post was made from; for example, only www.my.com/additem.asp can post to www.my.com/cart.asp and not any other. So in cart.asp, how can I make sure which referrer the post was made from?

Kind Regards
Statbat

Rezner
06-03-2002, 08:33 AM
<%
' Redirect any request whose Referer header is not the expected page
If Request.ServerVariables("HTTP_REFERER") <> "http://www.my.com/additem/" Then
    Response.Redirect "http://www.my.com/invalid_attempt"
End If
%>

Derek Stone
06-03-2002, 06:32 PM
Keep in mind that any HTTP header, including Referer, can easily be faked by even a novice user.

Good Luck
-CL

statbat
06-04-2002, 12:00 PM
Hi,

Then how can I make sure that the HTTP Referer in ASP cannot be faked?
Any solution to it or just have to get away with it?

Derek Stone
06-04-2002, 03:28 PM
You can't prevent a user from faking the referer header. I'm sure that there is another way to secure your site; however, I'm not positive as to what you're attempting to do, so a longer explanation is necessary.

Good Luck
-CL

Thinker
06-04-2002, 04:07 PM
If only www.my.com/additem.asp can post to www.my.com/cart.asp
then it seems like you would want to pass a hidden form variable
with the cartID and also a session number generated from
additem.asp that would change each time. If the session number
passed back matches the one just generated for the cartID, it
should be safe. The session number should expire after a certain
time, or become invalid if any other page is requested. Not a
perfect solution, but in connectionless web programming, there
rarely is.
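
The scheme Thinker describes, as an added example that is not part of the original thread: the server checks a one-time value it generated itself instead of the Referer header. It is written in Python rather than ASP; the `CartTokens` class, the `cart-42` ID and the 600-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

class CartTokens:
    """One-time form tokens kept server-side, one per cart ID (hypothetical names)."""
    def __init__(self, ttl=600, clock=time.monotonic):
        self._ttl = ttl        # seconds a token stays valid (assumed value)
        self._clock = clock    # injectable so expiry can be exercised below
        self._pending = {}     # cart_id -> (token, expiry time)

    def issue(self, cart_id):
        """additem side: create a fresh token and return it for the hidden field."""
        token = secrets.token_urlsafe(32)  # unpredictable, different every time
        self._pending[cart_id] = (token, self._clock() + self._ttl)
        return token

    def invalidate(self, cart_id):  # call when any other page is requested
        self._pending.pop(cart_id, None)

    def redeem(self, cart_id, submitted):
        """cart side: accept only the latest, unexpired, unused token."""
        # pop() makes the token single use, even when the attempt fails.
        entry = self._pending.pop(cart_id, None)
        if entry is None or not isinstance(submitted, str):
            return False
        token, expiry = entry
        fresh = self._clock() <= expiry
        # Constant-time comparison of the stored and submitted values.
        return fresh and hmac.compare_digest(token.encode(), submitted.encode("utf-8", "replace"))

def demo():  # constructed walk-through using a fake clock
    now = [0.0]
    store = CartTokens(ttl=600, clock=lambda: now[0])
    out = {}
    token = store.issue("cart-42")
    out["first_post"] = store.redeem("cart-42", token)
    out["replay"] = store.redeem("cart-42", token)
    store.issue("cart-42")
    out["no_token"] = store.redeem("cart-42", "")  # e.g. only a faked Referer sent
    token = store.issue("cart-42")
    now[0] += 601
    out["expired"] = store.redeem("cart-42", token)
    token = store.issue("cart-42")
    store.invalidate("cart-42")
    out["after_other_page"] = store.redeem("cart-42", token)
    return out

if __name__ == "__main__":
    print(demo())
```

In a real application the pending token would be kept in the user's server-side session rather than in a dictionary keyed by a client-supplied cart ID.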
