This week's book giveaway is in the Artificial Intelligence forum.
We're giving away four copies of Pragmatic AI and have Noah Gift on-line!
See this thread for details.
Win a copy of Pragmatic AI this week in the Artificial Intelligence forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Junilu Lacar
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Ganesh Patekar
  • Tim Moores
  • Pete Letkeman
  • Stephan van Hulst
Bartenders:
  • Carey Brown
  • Tim Holloway
  • Joe Ess

HTTP Referer  RSS feed

 
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

In my login.jsp, the very beginning of the code looks like this. It seems that it is extracting HTTP referer. But what is actually accomplished by it?


Code Snippet:
-------------

<%
if (session.isNew())
{
String referer = request.getHeader("Referer");
if (referer == null)
{
response.sendRedirect("home.jsp");
}
else
{
response.sendRedirect(referer);
}
}
/*else {
System.out.println ("session is old");
try {
session.invalidate();
} catch (Exception e) {}
response.sendRedirect("home.jsp");
}*/
%>
 
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The referer might be null (i.e., there is no referer header) if you type in the URL in the browser, or if you access the page through a bookmark. Apparently, the author of this page does not want a user to start at any other page than home.jsp.

This is not a good design, because it assumes that the referer is sent, when in reality it may not be sent (e.g. if you crank security restrictions all the way up in IE, or if you set the associated configuration item in Firefox, then those browsers simply won't send the header).
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!