I'd be most grateful for a little bit of advice or comment on best security practice here please.
I am coding a little system and I need to check where the user came from, i.e. the user is coming from a given page on the site, for security reasons etc. I scripted in some CGI.HTTP_REFERER checks but this was failing. I did a CFDUMP of CGI and it showed that HTTP_REFERER contained the correct URL but also values for CFID and CFTOKEN. I suspect that my script check is failing because of those additional values in the URL.

In the meantime I've changed my check to "DOES NOT CONTAIN" the URL I am looking for (see below) but wonder if this is the best way to handle this (even though it works).

<CFIF cgi.http_referer DOES NOT CONTAIN "The Referring Page URL">
    Do some stuff
</cfif>

Thank you!

++++++++++
Kevin Parker
++++++++++

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355882
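An added example, not part of the post above and not code from the list: one way to compare the Referer against a single expected page while ignoring the CFID/CFTOKEN query string, alongside a session-side check that does not depend on a header the client supplies. The function names, the "start" page key and the example.com URL are hypothetical, and session management is assumed to be enabled for the application.

```cfml
<cfscript>
// Added example. Function names, page key and URL are hypothetical.

// Compare the Referer to one expected page, ignoring the query string
// (where CFID/CFTOKEN are appended) and any fragment.
function refererIsPage(required string referer, required string expectedUrl) {
    // "?##" is the delimiter list "?" and "#" ("#" must be doubled in CFML strings),
    // so listFirst() keeps only scheme://host/path.
    var base = listFirst(trim(arguments.referer), "?##");
    // Exact, case-insensitive match. A CONTAINS test also accepts any URL
    // that merely embeds the expected address somewhere in it.
    return len(base) GT 0 AND compareNoCase(base, arguments.expectedUrl) EQ 0;
}

// Server-side record that this session has loaded a given page.
// Call this on the referring page itself.
function markPageSeen(required string pageKey) {
    if (NOT structKeyExists(session, "seenPages")) {
        session.seenPages = structNew();
    }
    session.seenPages[arguments.pageKey] = now();
}

// True only if this session loaded the page within maxAgeSeconds.
function cameFromPage(required string pageKey, numeric maxAgeSeconds = 600) {
    if (NOT structKeyExists(session, "seenPages")
        OR NOT structKeyExists(session.seenPages, arguments.pageKey)) {
        return false;
    }
    return dateDiff("s", session.seenPages[arguments.pageKey], now())
           LTE arguments.maxAgeSeconds;
}

// On the target page (placeholder URL, constructed for this example):
expectedUrl = "http://www.example.com/start.cfm";
if (NOT refererIsPage(cgi.http_referer, expectedUrl) OR NOT cameFromPage("start")) {
    // Do some stuff (the same branch as the CFIF in the post)
    writeOutput("Please start from the first page.");
}
</cfscript>
```

The Referer header can be missing or altered by the client or by intermediaries, so the session flag is the check that carries the decision; the header comparison only adds a second signal.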

