Welcome to WebmasterWorld Guest from 54.226.25.231

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Using SERVER'HTTP REFERER' in login redirect?

     

Ahkamden

9:48 pm on May 5, 2010 (gmt 0)

5+ Year Member



Hi...I know how it's parsed up there isn't right but when I did a search with correct syntax it stripped some out...

So I wanted to know if there's any major risk in using http_referer for when someone logs in? I've read it can be spoofed but it's only used for members of the script, not admins. Is there a glaring security risk with using this?

eelixduppy

9:57 pm on May 5, 2010 (gmt 0)

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 5+ Year Member



It should be fine. If you want, you can take extra precaution and redirect only within your website, and if it's anywhere else (or the referrer doesn't exist in the first place) redirect to a predefined location.

Ahkamden

10:15 pm on May 5, 2010 (gmt 0)

5+ Year Member



thanks eelix, can you possibly point me in the general direction of how it checks the url to do that?
 

Featured Threads

Hot Threads This Week

Hot Threads This Month