> To this I would say that you would ALWAYS have an > HTTP_Referer. Because, on every page (or through > Application.cfm - if appropriate for your application) > you would do a check to see if the user is logged in, > and has access to the required page. If not, then you > do a redirection to the login page. At this point, the > page you were trying to access IS your referer.
You can never guarantee the existence of CGI.HTTP_REFERER, because it's provided by the browser. There are plenty of third-party utilities that allow a browser user to strip that information from their HTTP requests. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
