$_SERVER['HTTP_REFERER'] security

**say** · Dec 3, 2003, 22:41

Hi. I have one part of my script written as

header("location:$_SERVER['HTTP_REFERER']");

This works well but wanna know what I need to escape and cleanup on that referer url in order to be secure?

Thanks anyone.

**coo_t2** · Dec 4, 2003, 13:23

Originally Posted by say

Hi. I have one part of my script written as

header("location:$_SERVER['HTTP_REFERER']");

This works well but wanna know what I need to escape and cleanup on that referer url in order to be secure?

Thanks anyone.

I don't think there's anything to worry about here. Nothing that I can think of anyway. Anyone else see a problem?

You can't really trust what's in HTTP_REFERER, but it seems the worst that can happen here is that the user gets sent to that url.

--ed

**Gaheris** · Dec 4, 2003, 14:22

Yes, IMHO that's the only thing that could happen, or some error because the regerer wasn't set (check for it).

**redux** · Dec 4, 2003, 14:26

Originally Posted by Gaheris

Yes, IMHO that's the only thing that could happen, or some error because the regerer wasn't set

which happens for all users that run norton firewall, for instance...

**Gaheris** · Dec 4, 2003, 14:33

Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?

**i_like_php** · Dec 4, 2003, 19:41

Originally Posted by Gaheris

Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?

how do you go about doing that? tracking users and their browsing habits, using sessions? i would like to add that to my site

**Gaheris** · Dec 5, 2003, 07:28

how do you go about doing that?

Every script or script part records it's name or tag into a location array stored in a session.

User Tag List

Thread: $_SERVER['HTTP_REFERER'] security

Thread Tools

Display

$_SERVER['HTTP_REFERER'] security

Bookmarks

Bookmarks

Posting Permissions