HTTP Referer

 
Ranch Hand
Posts: 146
Hi Guys,

In my login.jsp, the very beginning of the code looks like this. It seems that it is extracting HTTP referer. But what is actually accomplished by it?


Code Snippet:
-------------

<%
if (session.isNew())
{
    String referer = request.getHeader("Referer");
    if (referer == null)
    {
        response.sendRedirect("home.jsp");
    }
    else
    {
        response.sendRedirect(referer);
    }
}
/*else {
    System.out.println ("session is old");
    try {
        session.invalidate();
    } catch (Exception e) {}
    response.sendRedirect("home.jsp");
}*/
%>
 
Rancher
Posts: 42974
The referer might be null (i.e., there is no referer header) if you type in the URL in the browser, or if you access the page through a bookmark. Apparently, the author of this page does not want a user to start at any other page than home.jsp.

This is not a good design, because it assumes that the referer is sent, when in reality it may not be sent (e.g. if you crank security restrictions all the way up in IE, or if you set the associated configuration item in Firefox, then those browsers simply won't send the header).
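
The snippet above passes the Referer value straight to sendRedirect, and that header is supplied by the client, so it can be absent (as the reply notes) or name any site. The following is an added example, not code from the original thread: a hypothetical helper, resolveTarget, that falls back to home.jsp unless the Referer points at the application's own origin. The host shop.example and the sample values are constructed, and the same-origin rule is an assumption about what the application wants.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RefererRedirect {

    // Returns a same-site path to redirect to, or the fallback when the
    // Referer is absent, malformed, or names a different origin.
    static String resolveTarget(String referer, String scheme, String host,
                                int port, String fallback) {
        if (referer == null || referer.isEmpty()) {
            return fallback;            // typed URL, bookmark, or header suppressed
        }
        URI uri;
        try {
            uri = new URI(referer);
        } catch (URISyntaxException e) {
            return fallback;            // not a parseable URL
        }
        if (uri.getHost() == null
                || !scheme.equalsIgnoreCase(uri.getScheme())
                || !host.equalsIgnoreCase(uri.getHost())
                || effectivePort(uri) != port) {
            return fallback;            // different origin
        }
        String path = uri.getRawPath();
        if (path == null || path.isEmpty() || path.startsWith("//")) {
            return fallback;            // "//host/..." would be read as another site
        }
        String query = uri.getRawQuery();
        return query == null ? path : path + "?" + query;
    }

    static int effectivePort(URI uri) {
        if (uri.getPort() != -1) return uri.getPort();
        return "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
    }

    public static void main(String[] args) {
        // Constructed sample Referer values.
        String[] samples = { null, "https://shop.example/cart.jsp?id=7",
            "https://other.example/x", "https://shop.example//other.example/x",
            "not a url" };
        for (String s : samples) {
            System.out.println(s + " -> "
                + resolveTarget(s, "https", "shop.example", 443, "home.jsp"));
        }
    }
}
```

In the JSP, the scheme, host and port arguments would come from request.getScheme(), request.getServerName() and request.getServerPort(), with the result passed to response.sendRedirect. Only the second sample yields /cart.jsp?id=7; the others resolve to home.jsp.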
 