Re: avoid user direct access *.html
>>>>> "PH" == Patrick Hsieh <pahud@pahud.net> writes:
[...]
PH> In PHP, I can check the HTTP_REFERER to make sure connections
PH> originate from the same website. If the HTTP_REFERER is empty
PH> or does not belong to the same website, I can redirect the client
PH> to another webpage. [...]
Please do NOT do this. It will seem to work most of the time, but it
will most certainly fail for perfectly valid requests. Both HTTP 1.0
and 1.1 leave it as optional. If you must control access in this
manner I'd say use some session mechanism or come up with a method
that doesn't break under perfectly valid client behaviour.
cheers,
BM
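
Added example, not part of the original thread or either poster's code: a Referer check next to a session flag, run over constructed requests to show where the Referer check turns away a valid client. The function names, the `entered_via_index` key and the host `www.example.org` are assumptions made for illustration.

```php
<?php
// Added illustration. All names below are hypothetical, not from the thread.

// Referer gate as described in the quoted message: allow only when the
// header is present and names our own host.
function referer_gate(array $server, string $site_host): bool
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return $ref !== '' && parse_url($ref, PHP_URL_HOST) === $site_host;
}

// Session gate: the entry page records a server-side flag ...
function mark_entry(array &$session): void
{
    $session['entered_via_index'] = true;
}

// ... and the protected page checks that flag, not a request header.
function session_gate(array $session): bool
{
    return ($session['entered_via_index'] ?? false) === true;
}

// Constructed requests: [request headers, did the client load the entry page?]
$site  = 'www.example.org';
$cases = [
    'came via index, Referer sent'    => [['HTTP_REFERER' => "http://$site/index.php"], true],
    'came via index, Referer omitted' => [[], true],   // valid: the header is optional
    'direct request, never visited'   => [[], false],
];

foreach ($cases as $label => [$server, $visited]) {
    $session = [];            // stands in for $_SESSION after session_start()
    if ($visited) {
        mark_entry($session); // what index.php would do on a real visit
    }
    printf(
        "%-34s referer=%-5s session=%s\n",
        $label,
        referer_gate($server, $site) ? 'allow' : 'deny',
        session_gate($session) ? 'allow' : 'deny'
    );
}
```

In a deployment the two gates would receive `$_SERVER` and `$_SESSION` (after `session_start()`), and the protected pages would have to be served through PHP for either check to run.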