Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: phranque
For example if I give a site abc.com an REFERERE parameter so that traffic coming from them to my site will have advertising turned off. All a wiley webmaster has to do is do a view source and use the same token to spoof my site.
I am looking for a nice/clean/lightweight solution to this problem. I'm confident it is something that has been solved millions of times perhaps even by google analytics. I am told that HTTP_REFERRER is easy to spoof, is that tue?
Suggest you post this in either the Apache forum or one of the other Webmaster World forums related to scripts.
You might also try searching the webmaster World archives (via google)for both cookies and session ID's.
Refer's are not a sure fire method, however the aforementioned capabilities would reduce the liklihood of decption, as would header verfication. There are numerous threads at Webmaster World (and across the internet) on these methods.
It's not as "simple" as you'd like, however it may be accomplished.
And, no, wilderness doesn't mean abc.com sets a cookie - you can't read 3rd party cookies. On the first page view *your* code notes 'referer = abc.com' and sets a cookie to indicate same throughout the session.
Its possible you are asking too advanced a question for your level - try doing some more reading and experimenting on your own.
Just looking for a canned solution, and hoping to tap into the knowledge pool already available rather than re-inventing the wheel.
You answerered the most key question for me by saying the average webmaster cannot spoof HTTP_REFERER. I am willing to live with a minor amt of abuse.
THANK YOU for your help. Really.