开发者

Identify whether user manually loaded url on browser or generates URL by server in php

开发者 https://www.devze.com 2023-01-21 11:35 出处:网络
Thanks for your time. I am developing application using PHP. In this for some instace I have added logic such that, for certain area matches then redirect to particular url.

Thanks for your time.

I am developing application using PHP. In this for some instace I have added logic such that, for certain area matches then redirect to particular url.

if(//statement) {
   redirect to specific URL(e.g. http://www.example.com/testing.php )
}

Above is my basic logic. Here I want to Identify that whether us开发者_如何学Pythoner mannually loaded this URL http://www.example.com/testing.php on browser or it is redirected from webserver and then loaded.

How do I achieve this.

Your suggestions are welcome!!!.

-Pravin.


HTTP as a protocol does not include the facility to differentiate how a URL was accessed or what exactly the user did in the browser. A URL request is a URL request, it shouldn't matter whether the user clicked a link, refreshed the page or typed in the URL.

There are indicators that may or may not signal certain behavior (e.g. the Referer header), but they're not reliable, they're not meant for this purpose and they may introduce weird behavior in edge cases if you rely on them.

Please be aware of this whenever you try to implement something like this.
Better, you should architect your application to not rely on RESTless behavior like this.


You can check the value of $_SERVER['HTTP_REFERER'] (Documentation here)

But that won't give you a 100% guarantee, because some browsers don't send the referrer.

Another way would be setting some kind of "referred from" value in the $_SESSION, before redirecting the user.


This could be done by checking the referrer ($_SERVER['HTTP_REFERER']), but unfortunately it's not really reliable as you can't ensure, that each browser is sending the referrer.

So maybe it's better to add an additional parameter to your redirection, you could then check on testing.php for existence of that parameter.

To prevent people setting this parameter manually (or accidently by copy/paste) you could check for a variable value of that parameter, e.g. a timestamp.

It's also possible to set a session variable but this means a session cookie is set (which some customers don't like).

edit: as some people actually do disable cookies by default the session is not the best place to set this.


You can add a special GET param to the redirect URL:

http://www.example.com/testing.php?redirect=1

if $_GET['redirect'] exists then its coming from the redirect otherwise its not. However this can be faked.

You can also set a session variable on the page which redirects $_SESSION['redirect'] = 1 and then check in your testing.php if that session var exists, also dont forget to unset that session var on testing.php.

0

精彩评论

暂无评论...
验证码 换一张
取 消