Win a copy of Machine Learning Systems: Designs that scale this week in the Scala forum
or Xamarin in Action: Creating native cross-platform mobile apps in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

HTTP Referer  RSS feed

 
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

In my login.jsp, the very beginning of the code looks like this. It seems that it is extracting HTTP referer. But what is actually accomplished by it?


Code Snippet:
-------------

<%
if (session.isNew())
{
String referer = request.getHeader("Referer");
if (referer == null)
{
response.sendRedirect("home.jsp");
}
else
{
response.sendRedirect(referer);
}
}
/*else {
System.out.println ("session is old");
try {
session.invalidate();
} catch (Exception e) {}
response.sendRedirect("home.jsp");
}*/
%>
 
Rancher
Posts: 42975
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The referer might be null (i.e., there is no referer header) if you type in the URL in the browser, or if you access the page through a bookmark. Apparently, the author of this page does not want a user to start at any other page than home.jsp.

This is not a good design, because it assumes that the referer is sent, when in reality it may not be sent (e.g. if you crank security restrictions all the way up in IE, or if you set the associated configuration item in Firefox, then those browsers simply won't send the header).
 
He was expelled for perverse baking experiments. This tiny ad is a model student:
Rocket Oven Kickstarter - from the trailboss
https://coderanch.com/t/695773/Rocket-Oven-Kickstarter-trailboss
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!