Welcome to WebmasterWorld Guest from 54.167.65.217

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Using SERVER'HTTP REFERER' in login redirect?

     
9:48 pm on May 5, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 28, 2007
posts:114
votes: 0


Hi...I know how it's parsed up there isn't right but when I did a search with correct syntax it stripped some out...

So I wanted to know if there's any major risk in using http_referer for when someone logs in? I've read it can be spoofed but it's only used for members of the script, not admins. Is there a glaring security risk with using this?
9:57 pm on May 5, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 12, 2005
posts:5966
votes: 0


It should be fine. If you want, you can take extra precaution and redirect only within your website, and if it's anywhere else (or the referrer doesn't exist in the first place) redirect to a predefined location.
10:15 pm on May 5, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 28, 2007
posts:114
votes: 0


thanks eelix, can you possibly point me in the general direction of how it checks the url to do that?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members