This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes Http header 'referer' NULL in Servlet for pop-up window Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Http header Watch "Http header New topic
Author

Http header 'referer' NULL in Servlet for pop-up window

ashok sashrith
Greenhorn

Joined: Jan 31, 2005
Posts: 12
Hi,

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so, but I have a session timeout warning pop-up window in my application which will be triggered automatically before 5 minutes of session timeout from the JSP. Unfortunately this pop-up window "referer" header is always NULL and the request ends with error page. Please comments.

Thanks for your time.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41034
    
  43
I don't fully understand the timeout flow of control you're trying to implement, but as regards the referrer header: That can be turned off (so that it is never sent, e.g. in Firefox), or it can be spoofed (e.g. using the Firefox extension refspoof), so I wouldn't rely on it to be valid or even be present.


Ping & DNS - my free Android networking tools app
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so
This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?
ashok sashrith
Greenhorn

Joined: Jan 31, 2005
Posts: 12
Thanks for your comments.

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?


And the reason for this check is to make sure that the http request is initiatted from the application in sequence by the user. For example, the application should not allow to access the last page without coming thru all the previous pages.

The pop-up window triggered from the application has the http request header "referer" value NULL always. Any comments on this please?
[ December 15, 2005: Message edited by: ashok sashrith ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41034
    
  43
the application should not allow to access the last page without coming thru all the previous pages.


In that case, you can open a session to keep track where the user has been and where he is allowed to go. Or just store that information in a cookie - no need for a session, really.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Http header 'referer' NULL in Servlet for pop-up window
 
Similar Threads
how to find out the page the user was previously at.
Constructor Problem
How to invalidate a session when user switches to a different URL ?
getHeader("Referer") not working on Tomcat 4.1.24
PDF/HTML browser problem