I use cgi.http_referer on one of our sites. The issue that has arisen with us is if someone has Firewall software installed on their computer or is behind a really restricted firewall on their network. As far as I have been able to determine, under such circumstances there is a chance that cgi.http_referer cannot be sent from the users browser (pretty layman terms but I don't know the in-depth details of this topic).
So, I guess that my 2cents on your question is "not for every user". Tony Gruen -----Original Message----- From: Mike Kear [mailto:[EMAIL PROTECTED]] Sent: Sunday, June 30, 2002 10:42 PM To: CF-Talk Subject: Does cgi.http_referer ALWAYS work? I have an application that has to grant or deny access based on whether the user has paid membership fees. They can't get to the application unless the page that sends them there has also granted access through the online shop (.asp, written by someone else), so I figured if they have access to the article, then they have access to my app. If they don't have access to the article then I'll send them back to the article. Then all considerations of access and payment etc are handled by the article and the shop. And also the article is free to the public or restricted access to members only based on the content management system's settings rather than my coldfusion programming. If a content writer changes the status of the article, it also changes the status of the CF application without needing to have any work from me. So the test I've got on my page is if cgi.http_referer is the article, or elsewhere in my app, then they're granted access, other wise they get sent back to the article using <cflocation . However lately, I have had some users who can't get access. No matter what they do, they're kicked back to the article. This doesn't happen to everyone, only a few people, and we're having trouble finding the common factor with these people. We're assuming at present that the cause is we're not picking up the http_referer parameter. Does cgi.http_referer always work with all browsers? Do some firewalls prevent browsers passing on this variable? Because if it's not provided my app will assume they have no right to be here and kick them out. How else can I check that the user has come from a particular place, without using cgi.http_referer? Cheers, Mike Kear Windsor, NSW, Australia AFP WebWorks FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
