I am working on a series of web pages and I would like to be 100% certain that users cannot jump around to any page they like by typing a URL into their browser. I have used $_SERVER['HTTP_REFERER'] to check at the top of most pages and if the referer is not what I think it should be, I redirect the user back to the beginning.
I have been reading, however, that this method may not be as reliable as I want.
The page http://php.net/manual/en/reserved.variables.server.php says, "*'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.*"
Is there another way to be certain that if a user got to http://page2.php that he absolutely every time got there from http://page1.html? I know users can set their own cookies, so that won't work.
Since these pages exist on a server already and the [HTTP_REFERER] variable seems reliable, may I conclude that it is?
These pages are not commissioned by anyone; I make them by myself for myself. However, when this project is finished, I would like to be able to present it to charities and others for real-life use. I want this to be as strong and bullet-proof as any enterprise application.
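One way to enforce page order without reading the Referer header, as an added example that is not part of the original post: progress is recorded in server-side session data, and the browser's cookie carries only the random session ID, not the progress itself. The page names, the `steps_done` key, the helper functions and the redirect target are assumptions made for illustration, and the first page is assumed to be served by PHP so it can record its completion.

```php
<?php
// Added example with hypothetical names. The browser only holds the session ID;
// the step counter lives on the server and cannot be edited from the client.
const FLOW = ['page1', 'page2', 'page3']; // assumed page sequence

/** True if $page may be shown given the number of steps already completed. */
function may_enter(array $session, string $page): bool
{
    $index = array_search($page, FLOW, true);
    if ($index === false) {
        return false;                      // page is not part of the flow
    }
    $done = $session['steps_done'] ?? 0;   // a fresh session has completed nothing
    return $index <= $done;                // earlier pages and the next step only
}

/** Records $page as completed, but only when it is the current step. */
function complete_step(array &$session, string $page): void
{
    $index = array_search($page, FLOW, true);
    if ($index !== false && $index === ($session['steps_done'] ?? 0)) {
        $session['steps_done'] = $index + 1;
    }
}

/** Call at the top of every page in the flow, before any output. */
function guard(string $page): void
{
    session_start([
        'use_strict_mode' => true,   // reject session IDs the server did not issue
        'cookie_httponly' => true,   // keep the ID away from page scripts
    ]);
    if (!may_enter($_SESSION, $page)) {
        header('Location: /page1.php');    // assumed start page
        exit;
    }
}

// Usage on page2.php:            guard('page2');
// In page1's form handler, after its input validates:
//                                complete_step($_SESSION, 'page1');
```

A request typed straight into the address bar for page2 arrives with either no session or one whose `steps_done` is still 0, so `guard()` sends it back to the start regardless of what Referer the browser supplies.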