I am working on a simple authentication script, where the user submits a login and password, the credentials are checked and the user is redirected to another script. The new script checks the HTTP_REFERER and if it's the original script it continues, otherwise it stops with a message about being unauthorized.
What kind of security implications may I be backing myself into? I want to try and stay away from cookies, and as small as this is I think session management is a little overkill. The average user isn't going to spend much more than 1 or 2 minutes on the site (not much for them to see or do). I have seen this method used on other sites, but I prefer to check with the experts first.

Thanks,
-- Tom

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
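
Added example, not part of the original post: the Referer check described in the question beside one alternative that needs neither cookies nor sessions, a short-lived HMAC-signed token carried in the redirect URL. `LOGIN_URL`, `SECRET`, the function names and the sample values are constructed for illustration.

```php
<?php
// Constructed values for this example only.
const LOGIN_URL = 'https://example.test/login.php';
const SECRET    = 'replace-with-a-random-server-side-key';

// The check from the post. HTTP_REFERER is a request header, so its value
// is whatever the client sent; it is also often missing, because browsers
// and proxies may strip it, which locks out legitimate users.
function refererCheck(array $server): bool
{
    return ($server['HTTP_REFERER'] ?? '') === LOGIN_URL;
}

// Alternative: after checking the credentials, the login script signs the
// user name and an expiry time with a key only the server knows.
function issueToken(string $user, int $now, int $ttl = 120): string
{
    $payload = bin2hex($user) . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}

// The second script recomputes the MAC and accepts only an unmodified,
// unexpired token. Returns the user name, or null if the token is rejected.
function verifyToken(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '.' . $expires, SECRET);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    return hex2bin($user);
}

$now = 1700000000;                           // constructed timestamp
// A request that carries the expected header although no login took place.
var_dump(refererCheck(['HTTP_REFERER' => LOGIN_URL]));
$token = issueToken('tom', $now);            // issued by the login script
var_dump(verifyToken($token, $now + 60));    // presented within its lifetime
var_dump(verifyToken($token, $now + 300));   // presented after expiry
var_dump(verifyToken($token . 'x', $now));   // altered in transit
```

A token in the URL ends up in server logs and browser history and can be reused until it expires, so keep the lifetime short and serve both scripts over HTTPS.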