$_SERVER['HTTP_REFERER'] security

**say** · Dec 3, 2003 22:41

Hi. I have one part of my script written as

header("location:$_SERVER['HTTP_REFERER']");

This works well but wanna know what I need to escape and cleanup on that referer url in order to be secure?

Thanks anyone.

**coo_t2** · Dec 4, 2003 13:23

Originally Posted by say

Hi. I have one part of my script written as

header("location:$_SERVER['HTTP_REFERER']");

This works well but wanna know what I need to escape and cleanup on that referer url in order to be secure?

Thanks anyone.

I don't think there's anything to worry about here. Nothing that I can think of anyway. Anyone else see a problem?

You can't really trust what's in HTTP_REFERER, but it seems the worst that can happen here is that the user gets sent to that url.

--ed

**Gaheris** · Dec 4, 2003 14:22

Yes, IMHO that's the only thing that could happen, or some error because the regerer wasn't set (check for it).

**redux** · Dec 4, 2003 14:26

Originally Posted by Gaheris

Yes, IMHO that's the only thing that could happen, or some error because the regerer wasn't set

which happens for all users that run norton firewall, for instance...

**Gaheris** · Dec 4, 2003 14:33

Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?

**i_like_php** · Dec 4, 2003 19:41

Originally Posted by Gaheris

Which shows again that you really shouldn't rely on the referer. How about tracking the last location with sessions?

how do you go about doing that? tracking users and their browsing habits, using sessions? i would like to add that to my site

**Gaheris** · Dec 5, 2003 07:28

how do you go about doing that?

Every script or script part records it's name or tag into a location array stored in a session.

User Tag List

Thread: $_SERVER['HTTP_REFERER'] security

Thread Tools

Display

$_SERVER['HTTP_REFERER'] security

Bookmarks

Bookmarks

Posting Permissions