Mike Kear wrote:
> I have an application that has to grant or deny access based on whether the
> user has paid membership fees.  They can't get to the application unless the
> page that sends them there has also granted access through the online shop
> (.asp, written by someone else), so I figured if they have access to the
> article, then they have access to my app. If they don't have access to the
> article then I'll send them back to the article.  Then all considerations of
> access and payment etc are handled by the article and the shop.  And also
> the article is free to the public or restricted access to members only based
> on the content management system's settings rather than my coldfusion
> programming. If a content writer changes the status of the article, it also
> changes the status of the CF application without needing to have any work
> from me.
> 
> So the test I've got on my page is if cgi.http_referer is the article, or
> elsewhere in my app, then they're granted access, otherwise they get sent
> back to the article using <cflocation .
> 
> However lately, I have had some users who can't get access.  No matter what
> they do, they're kicked back to the article.  This doesn't happen to
> everyone, only a few people, and we're having trouble finding the common
> factor with these people.  We're assuming at present that the cause is we're
> not picking up the http_referer parameter.
> 
> Does cgi.http_referer always work with all browsers?

No.

> Do some firewalls prevent browsers passing on this variable?

Yes

> How else can I check that the user has come from a particular place, without
> using cgi.http_referer?

Not really. Best way would be for the ASP page that links to your page 
to append a checksum to the URL, then you can do a cfhttp call to 
another ASP page to verify the checksum (or use a cookie to pass the 
checksum if the domain is the same). Or look into the possibilities of 
Digest Authentication (RFC 2617), but that is uncharted territory AFAIK.

Jochem
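
An added example, not part of the message above or of either site's code: one way to implement the checksum-in-URL idea from the reply. It swaps the cfhttp call-back for a shared-secret HMAC that the receiving application verifies itself, and is written in Python to stay neutral between the ASP and ColdFusion sides; the secret, parameter names, expiry window and URL are assumptions.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Assumption: the same secret is configured on the linking page and in the app.
SHARED_SECRET = b"constructed-demo-secret"
MAX_AGE_SECONDS = 300  # assumed lifetime of a signed link


def _checksum(article_id, user_id, expires):
    # JSON list gives an unambiguous encoding of the signed fields.
    msg = json.dumps([article_id, user_id, expires]).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def sign_link(base_url, article_id, user_id, now=None):
    """Linking page: build the URL to the app with a checksum appended."""
    issued = int(now if now is not None else time.time())
    expires = issued + MAX_AGE_SECONDS
    query = urlencode({"article": article_id, "user": user_id, "exp": expires,
                       "sig": _checksum(article_id, user_id, expires)})
    return f"{base_url}?{query}"


def verify_link(url, expected_article, now=None):
    """App: grant access only for a valid, unexpired checksum."""
    params = parse_qs(urlparse(url).query)
    try:
        article, user = params["article"][0], params["user"][0]
        expires, sig = int(params["exp"][0]), params["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameter: deny
    if article != expected_article:
        return False  # link was issued for a different article
    current = now if now is not None else time.time()
    if current > expires:
        return False  # link is too old to trust
    expected = _checksum(article, user, expires)
    # Constant-time comparison on bytes, so odd input cannot raise.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

Unlike the Referer header, the checksum travels in the URL itself, so it still arrives when a browser or firewall strips the header, and a visitor cannot produce a valid one without the secret.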
