HTTP_REFERRER

[scaifea]

I have a simple community website for a school, it has a members section, and again a simple java password system to enter the members pages.

The only security drawback is that if someone bookmarks the "members.htm" page, then can browse the web and come straight back to it at anytime, also anyone can just type the "members.htm" URL and get straight into the page.

I pplayed around with the HTTP_REFERRER function, trying to ensure that everyone came to the "members.htm" page directly from the "logon.htm" page, but it didn't work, when I checked, i wasn't passing any referrer information.

Is there a simple and FREE answer to this ? Would cookies help? How do I set them?

Remember this is a small scale community website, I just need to deter the casual sufer, plus the free hosting we have doesn't support any client side scripts :-(

Any help would be appreciated.

 

[adam0101]

You can use this to see where they came from, but it's still pretty easy to hack your way into your page. I could just turn off JavaScript.

<script>
alert(document.referrer)
</script>

Adam

¡ph ¥0u c4n r34d d¡5 ¥0u n33d 70 g37 l4¡d

 

[scaifea]

I realise that, I just need to deter the casual surfer, not some hacker

 

[trollacious]

Some "casual surfers" turn off Javascript, too, you know. What you're asking for is beyond what client-side scripting really can handle.

Lee

 

[BillyRayPreachersSon]

Even if you want to deter casual surfers, you would still really want to use server-side technology. This is so that if any of your "allowed" users have JS disabled, they will still be able to get into the site.

Dan

[tt]D'ya think I got where I am today because I dress like Peter Pan here?[/tt]

 

[scaifea]

OK, thanks all. Looks like we will have to find a paid hosting service that will take Server Side scripts.