Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Http header 'referer' NULL in Servlet for pop-up window

 
ashok sashrith
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so, but I have a session timeout warning pop-up window in my application which will be triggered automatically before 5 minutes of session timeout from the JSP. Unfortunately this pop-up window "referer" header is always NULL and the request ends with error page. Please comments.

Thanks for your time.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't fully understand the timeout flow of control you're trying to implement, but as regards the referrer header: That can be turned off (so that it is never sent, e.g. in Firefox), or it can be spoofed (e.g. using the Firefox extension refspoof), so I wouldn't rely on it to be valid or even be present.
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so
This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?
 
ashok sashrith
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your comments.

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?


And the reason for this check is to make sure that the http request is initiatted from the application in sequence by the user. For example, the application should not allow to access the last page without coming thru all the previous pages.

The pop-up window triggered from the application has the http request header "referer" value NULL always. Any comments on this please?
[ December 15, 2005: Message edited by: ashok sashrith ]
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the application should not allow to access the last page without coming thru all the previous pages.


In that case, you can open a session to keep track where the user has been and where he is allowed to go. Or just store that information in a cookie - no need for a session, really.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic