Posted by J.O. Aho on 09/29/21 11:32

Freebird wrote:
> Hello you all
>
> I've to do a verification using $HTTP_REFERER, but it seems to be not
> trustfull at all, is it possible to know an uniq information from the client
> using the host ?
> How difficult is to change the host ?

Reference can be turned off on client level, which makes the $HTTP_REFERER to
fail giving you an reference url.


> Any ideas ? I need to make a verification from a server to another, and need
> to know if the verification is comming from the correct person or not, I
> thought I could do that using the above, but sometimes returns nothing or
> weird stuff, like the only 3 first character.

Is the other server under your control?
In that case you can use 3rd party cookies (cookies can be turned off) or make
links that sends "variables" (eg http://example.com?verify=yes& ).


//Aho

[Back to original message]