Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Using SERVER'HTTP REFERER' in login redirect?



9:48 pm on May 5, 2010 (gmt 0)

5+ Year Member

Hi...I know how it's parsed up there isn't right but when I did a search with correct syntax it stripped some out...

So I wanted to know if there's any major risk in using http_referer for when someone logs in? I've read it can be spoofed but it's only used for members of the script, not admins. Is there a glaring security risk with using this?


9:57 pm on May 5, 2010 (gmt 0)

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

It should be fine. If you want, you can take extra precaution and redirect only within your website, and if it's anywhere else (or the referrer doesn't exist in the first place) redirect to a predefined location.


10:15 pm on May 5, 2010 (gmt 0)

5+ Year Member

thanks eelix, can you possibly point me in the general direction of how it checks the url to do that?

Featured Threads

Hot Threads This Week

Hot Threads This Month