Return-Path: 
 <users-return-22657-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 41807 invoked by uid 500); 13 Feb 2003 12:41:51 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 41796 invoked from network); 13 Feb 2003 12:41:51 -0000
Received: from oracle.uk.clara.net (195.8.69.94)
  by daedalus.apache.org with SMTP; 13 Feb 2003 12:41:51 -0000
Received: from du-069-0324.access.clara.net ([217.158.145.70] helo=adisham)
	by oracle.uk.clara.net with smtp (Exim 3.36 #3)
	id 18jIgZ-000FDw-00
	for users@httpd.apache.org; Thu, 13 Feb 2003 12:41:51 +0000
Message-ID: <1afe01c2d35d$4798f120$ec14383e@adisham>
From: "William Turrell" <wturrell@clara.co.uk>
To: <users@httpd.apache.org>
Date: Thu, 13 Feb 2003 12:41:49 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: [users@httpd] Referring pages using apache + cgi scripts

I am currently attempting to use the referring page environment variable
within a CGI script to verify that a user has come from another page on the
same server before allowing them to access another one.

Page one presents users with a menu, each of which refers to the second CGI
script but with different parameters.  I only want them to be able to access
page two if they have specifically gone to page one first, and I don't want
them to be able to cut + paste the URL of page two in another browser.  For
reasons I won't go into we don't want to use normal .htpasswd/.htaccess or
mod_auth_db for any of this.

(perl code)
my $q = new CGI;
my $referer = $q->referer() || "";

98-9% of the time it works, but for a few users it doesn't - their referral
page is blank in both the apache logfile and a logfile I'm generating from
the second CGI script.  I can also verify that in all cases they definitely
did go to the first page by looking back a few seconds.

Any reason why this information wouldn't be being passed on? The people
we've asked seem to have modern browsers (IE 5 or 6) and operating systems
(WinNT etc.), and I assumed that referral information was mandatory anyway.
Is there a solution?

Thanks for your help,

William


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org