Folks, I have a popup window that I would like to put a mild security constraint on. I
don't want others to be able to directly type in the address of this page, modify url
parameters, etc. I only want this page accessible if it was triggered from a link on
my own website, then I know I can trust the URL parameters, etc. I had thought about
parsing the HTTP_REFERER and extracting the host, and comparing it with my domain
name. This would tell me if a valid link was clicked.
One problem... HTTP_REFERER appears to be empty when it's a new window. For some
reason I thought the referer would still be detected.
Am I up a creek? Is there anyway for a popup window to get the page referer (in other
words, the popup opener)?
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php