• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Http header 'referer' NULL in Servlet for pop-up window

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so, but I have a session timeout warning pop-up window in my application which will be triggered automatically before 5 minutes of session timeout from the JSP. Unfortunately this pop-up window "referer" header is always NULL and the request ends with error page. Please comments.

Thanks for your time.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't fully understand the timeout flow of control you're trying to implement, but as regards the referrer header: That can be turned off (so that it is never sent, e.g. in Firefox), or it can be spoofed (e.g. using the Firefox extension refspoof), so I wouldn't rely on it to be valid or even be present.
 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I am checking the http header "referer" in my servlet to figure out whether the user switched to any third party site and come back to my application. I am forwarding to error page if the user did so

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?
 
ashok sashrith
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your comments.

This sounds like extremely annoying and intrusive behaviour to me. What is the business reason for this requirement?



And the reason for this check is to make sure that the http request is initiatted from the application in sequence by the user. For example, the application should not allow to access the last page without coming thru all the previous pages.

The pop-up window triggered from the application has the http request header "referer" value NULL always. Any comments on this please?
[ December 15, 2005: Message edited by: ashok sashrith ]
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

the application should not allow to access the last page without coming thru all the previous pages.



In that case, you can open a session to keep track where the user has been and where he is allowed to go. Or just store that information in a cookie - no need for a session, really.
 
I can't renounce my name. It's on all my stationery! And hinted in this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic