Folks, I have a popup window that I would like to put a mild security constraint on. I 
don't want others to be able to directly type in the address of this page, modify url 
parameters, etc. I only want this page accessible if it was triggered from a link on 
my own website, then I know I can trust the URL parameters, etc. I had thought about 
parsing the HTTP_REFERER and extracting the host, and comparing it with my domain 
name. This would tell me if a valid link was clicked.

One problem... HTTP_REFERER appears to be empty when it's a new window. For some 
reason I thought the referer would still be detected.

Am I up a creek? Is there anyway for a popup window to get the page referer (in other 
words, the popup opener)?

Thanks, Joseph.

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to