• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTTP Referer

 
vipul patel
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

In my login.jsp, the very beginning of the code looks like this. It seems that it is extracting HTTP referer. But what is actually accomplished by it?


Code Snippet:
-------------

<%
if (session.isNew())
{
String referer = request.getHeader("Referer");
if (referer == null)
{
response.sendRedirect("home.jsp");
}
else
{
response.sendRedirect(referer);
}
}
/*else {
System.out.println ("session is old");
try {
session.invalidate();
} catch (Exception e) {}
response.sendRedirect("home.jsp");
}*/
%>
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The referer might be null (i.e., there is no referer header) if you type in the URL in the browser, or if you access the page through a bookmark. Apparently, the author of this page does not want a user to start at any other page than home.jsp.

This is not a good design, because it assumes that the referer is sent, when in reality it may not be sent (e.g. if you crank security restrictions all the way up in IE, or if you set the associated configuration item in Firefox, then those browsers simply won't send the header).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic