aspose file tools*
The moose likes Servlets and the fly likes Http header 'referer' NULL in Servlet for pop-up window Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Http header Watch "Http header New topic
Author

Http header 'referer' NULL in Servlet for pop-up window

ashok sashrith
Greenhorn

Joined: Jan 31, 2005
Posts: 12
Hi,

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so, but I have a session timeout warning pop-up window in my application which will be triggered automatically before 5 minutes of session timeout from the JSP. Unfortunately this pop-up window "referer" header is always NULL and the request ends with error page. Please comments.

Thanks for your time.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42933
    
  68
I don't fully understand the timeout flow of control you're trying to implement, but as regards the referrer header: That can be turned off (so that it is never sent, e.g. in Firefox), or it can be spoofed (e.g. using the Firefox extension refspoof), so I wouldn't rely on it to be valid or even be present.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18991
    
    8

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so
This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?
ashok sashrith
Greenhorn

Joined: Jan 31, 2005
Posts: 12
Thanks for your comments.

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?


And the reason for this check is to make sure that the http request is initiatted from the application in sequence by the user. For example, the application should not allow to access the last page without coming thru all the previous pages.

The pop-up window triggered from the application has the http request header "referer" value NULL always. Any comments on this please?
[ December 15, 2005: Message edited by: ashok sashrith ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42933
    
  68
the application should not allow to access the last page without coming thru all the previous pages.


In that case, you can open a session to keep track where the user has been and where he is allowed to go. Or just store that information in a cookie - no need for a session, really.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Http header 'referer' NULL in Servlet for pop-up window