SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Guru
    Join Date
    Oct 2006
    Location
    Queensland, Australia
    Posts
    852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    HTTP_REFERER - More Info Please!

    I'm finding the php variable $_SERVER['HTTP_REFERER'] to be very handy for making "go back" links, but for some reason I'm presuming that some visitors won't have a browser that sends the http_referer. I'm not sure what percentage of visitors that would apply to?

    So can someone share with me the down sides of using the $_SERVER['HTTP_REFERER'] global variable (is that called a global variable? - my php lingo isn't the best). If the referer variable isn't set or it contains no data, then I presume the user has gone directly to that page and so it will usually link them to the home page of the site.

    Cheers!

  2. #2
    SitePoint Addict telos's Avatar
    Join Date
    Mar 2005
    Location
    192.168.2.34
    Posts
    279
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If I were you, I would create a session and create an array accessible in that session. For example:
    session_start();
    $_SESSION['back'][] = $_SERVER['HTTP_REFERER']; // Add the outside page they came from.
    $_SESSION['back'][] = $_SERVER['SCRIPT_NAME']; // Add this page (or use another SERVER variable that fits your needs)

    // If you need to access the latest visited page:
    echo $_SESSION['back'][count($_SESSION['back'])-1];

    This array you create will store all of the previously viewed pages in this session.
    Last edited by telos; Feb 12, 2007 at 12:25. Reason: Added the correct syntax for the COUNT function

  3. #3
    SitePoint Guru
    Join Date
    Oct 2006
    Location
    Queensland, Australia
    Posts
    852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Interesting. I think I'll look into that one telos. I'm still curious however of the how trust worthy HTTP_REFERER is.

  4. #4
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,290
    Mentioned
    198 Post(s)
    Tagged
    3 Thread(s)

    http referer

    It can't be relied upon. Some browsers, like Opera, give the user the option to "turn off" the use of referrer. AFAIK, some browsers (like bots) just plain don't have them. And the values can be "spoofed". You wouldn't want someone to use their HTTP header app and use "../.htpasswd" would you?
    I like the idea of a SESSION array, but maybe use DOCUMENT SELF to populate it instead.
    $_SESSION['back'][] = $_SERVER['DOCUMENT_SELF'];
    Then again I seem to remember reading something about that not being secure against attacks either, but I think that was when using it for form submits.

  5. #5
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    739
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Nice use of sessions for back button.

    $_SERVER['SCRIPT_NAME'];

    where does the script_name come from?


    Thanks

  6. #6
    SitePoint Addict telos's Avatar
    Join Date
    Mar 2005
    Location
    192.168.2.34
    Posts
    279
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $_SERVER['DOCUMENT_SELF'] would probably work the best. I just used script_name for lack of a better one.

  7. #7
    SitePoint Zealot
    Join Date
    Jan 2005
    Location
    Romania, Iasi
    Posts
    119
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The $_SESSION variant may have an issue.. what if i have two pages open of the same site?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •