I'm running a piece of my page (partners.mydomain.com) in an iframe on a partners site (www.partner.com). When the user clicks the iframe on the hosting server, they open a php script on my server (www.mydomain.com/redirect) that redirects to a third site (www.thirdparty.com). The redirecting script logs clicks to a database.
When I go through this process in firefox the page and referer shows up correctly: the page is the redirecting script (www.mydomain.com/redirect) and the referer is the "iframe-page" (partners.mydomain.com).
HOWEVER, when I do the same in Internet Explorer the referer shows up as NULL, which basically brakes the functionality in the thirdparty site. Does anyone know how I can repair IE's broken referer functionality? (Or am I doing something wrong...?)
BTW: I'm beginning to suspect that the problems lie within the partners.mydomain.com and www.mydomain.com cross-overs. May the problem be that IE does not store referers across (sub-)domains? If so, can I work around it or do I need to use the same domain on both scripts?
I don't have a specific answer to your question, but you cannot reliably depend on HTTP_REFERER even being present - so if your application depends on a specific referrer, it will fail regularly for your users.
- many firewalls (such as the very popular Norton Internet Security suite) disable referrers altogether - you can easily switch off referrers in browsers such as Firefox or Opera - you can fake a referrer
You would be better using cookies or passing details within the URL.
it's quite common for the referrer to be null, as is commonly done by Norton, or faked, or just made up. Various security settings can, I believe, also turn it off. In general, I wouldn't depend upon it for anything.
Well, I know that referer often is unavailable/erranous. But I do not control the third party site which needs the correct referer. I think there is a solution to this problem seeing as when people click my redirect script from my www.domain.com it works most of the time, but when they click a link to the same script from partners.domain.com through an iframe on www.otherdomain.com it does not work in IE. It works with Firefox, not IE. That's what's making me think it's possible to fix.