cyfer65 Posted July 26, 2011 Share Posted July 26, 2011 Is it possible at all to Get the Real Referrer If its Blocked or Forged by some browser add-on or something.? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 26, 2011 Share Posted July 26, 2011 Short answer: no. Link to comment Share on other sites More sharing options...
jeffman Posted July 26, 2011 Share Posted July 26, 2011 I assume your goal is to make sure that a form submitted to your server originated on your server. HTTP does not provide a tool for this. But you can improvise.One way is to embed a hidden form input in your document with PHP. Let the value be difficult to duplicate, like a hash of the current time plus your last name. Set the value as a session value. Generate a unique value for every user. If a user submits the form before the session expires, the number should match.This will minimize spoofers from copying your form to their server and serving it up like it's their form, or from loading it on their desktop with alterations, and so on.But it's not perfect. Anyone can slip through this during the session interval. I don't know what you're trying to protect, so I don't know if that's good enough. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.