Identifiying the calling page

**kaeli** · Jul 23 '05, 10:38 AM

Re: Identifiying the calling page

In article <ats490lftnp935 biom4kfpmoidfd3 sum89@4ax.com>,
jon@jacklane.de mon.co.uk enlightened us with...[color=blue]
> Hi
>
> I'm trying to do something simple: find out which page had the link
> which got me to the current page. I am using window.referrer , in IE6,
> but it never has anything but blank in it. The scenario is that the
> user must go though a sign on page to get to the goodies. If they go
> direct, they get bumped to login:
>
>[/color]

Referer is never a good thing for relying on, as you've noticed. Anyone
with a modicum of programming knowledge or script kiddie tools can spoof
it, too.

The normal way of doing logins is to have the user enter their username
and password in a form, then have the form POST to a page that checks
the login and password server-side. If it is correct, it sets a cookie
or session variable that all other pages that need to know that the user
has logged in can check.

If you don't need all that, just set a cookie on the login page and
check it on the next. This is insecure as hell. :)

--
--
~kaeli~
A little rudeness and disrespect can elevate a meaningless
interaction to a battle of wills and add drama to an
otherwise dull day.

http://www.ipwebdesign.net/wildAtHeart

http://www.ipwebdesign.net/kaelisSpace

Identifiying the calling page

Identifiying the calling page

Comment