You should be aware that referer will not always exist. Many anti-malware apps or browser plugins block it.
Russ Michaels
www.michaels.me.uk

On 10 Jun 2013 06:48, "Kevin Parker" <[email protected]> wrote:

> I'd be most grateful for a little bit of advice or comment on best security
> practice here please.
>
> I am coding a little system and I need to check where the user came from
> i.e. the user is coming from a given page on the site for security reasons
> etc. I scripted in some CGI.HTTP_REFERER checks but this was failing.
>
> I did a CFDUMP of CGI and it showed that HTTP_REFERER contained the correct
> URL but also values for CFID and CFTOKEN. I suspect that my script check is
> failing because of those additional values in the URL. In the meantime I've
> changed my check to "DOES NOT CONTAIN" the URL I am looking for (see
> below)
> but wonder if this is the best way to handle this (even though it works).
>
> <CFIF cgi.http_referer DOES NOT CONTAIN "The Referring Page URL">
>     Do some stuff
> </cfif>
>
> Thank you!
>
> ++++++++++
> Kevin Parker
> ++++++++++

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355884
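
Added example (not part of the original thread and not either poster's code): one way to make the check discussed above ignore the CFID/CFTOKEN query string while treating a missing Referer as its own case, since a plain substring test also accepts any referer that merely contains the expected text somewhere. The function name `classifyReferer` and the URL `https://www.example.com/app/step1.cfm` are assumptions for illustration.

```cfml
<cfscript>
/**
 * Classifies a Referer value as "match", "mismatch" or "absent".
 * Hypothetical helper, not a built-in ColdFusion function.
 * The comparison is made on scheme + host + path only, so session
 * values appended to the query string (CFID, CFTOKEN) do not matter.
 */
function classifyReferer(required string referer, required string expectedPage) {
    var value = trim(arguments.referer);

    // Header missing: blocked by a browser plugin, proxy or privacy setting.
    if (!len(value)) {
        return "absent";
    }

    // Keep only the part before the first "?" (drops CFID/CFTOKEN and anything else).
    var base     = listFirst(value, "?");
    var expected = listFirst(trim(arguments.expectedPage), "?");

    // Ignore a trailing slash on either side.
    base     = reReplace(base, "/+$", "");
    expected = reReplace(expected, "/+$", "");

    // Whole-string comparison, not a substring test.
    // Case-insensitive here is an assumption; use compare() if paths are case-sensitive.
    return (compareNoCase(base, expected) == 0) ? "match" : "mismatch";
}

// Placeholder URL for the page the user is expected to arrive from.
expectedPage = "https://www.example.com/app/step1.cfm";
result = classifyReferer(cgi.http_referer, expectedPage);

if (result == "mismatch") {
    // Referer is present but names a different page: refuse the request.
    writeOutput("Request refused.");
    abort;
} else if (result == "absent") {
    // No Referer at all. This says nothing about where the user came from,
    // so the application has to decide this case by other means.
    writeOutput("Referer not supplied.");
}
</cfscript>
```

The "absent" branch is deliberately separate from "mismatch": treating an empty header as a failure locks out users whose software strips it, and treating it as a pass makes the check optional.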

