Hello,
What is the best way to prevent user to request web application's pages (or actions if Struts based) from browser manually?
E.g. user is using web application and taking it's current url to clipboard. Then user goes e.g. to Google for surfing for a while.
After surfing (s)he pastes web applications url back to browser's address field.
Best technique in web applicaton to prevent this?
Maria
-
Prevent URL requested directly from browser (3 messages)
- Posted by: maria veera
- Posted on: September 09 2003 14:16 EDT
Threaded Messages (3)
- Prevent URL requested directly from browser by Ian Mitchell on September 09 2003 15:56 EDT
- Prevent URL requested directly from browser by maria veera on September 10 2003 01:29 EDT
- referer by m pantla on September 10 2003 04:13 EDT
-
Prevent URL requested directly from browser[ Go to top ]
- Posted by: Ian Mitchell
- Posted on: September 09 2003 15:56 EDT
- in response to maria veera
The general solution is to use POST submissions rather than GET. -
Prevent URL requested directly from browser[ Go to top ]
- Posted by: maria veera
- Posted on: September 10 2003 01:29 EDT
- in response to Ian Mitchell
So, do you mean that if user e.g. after surfing in other application pastes
the url of the first application (s)he was using, that request's type is changed to GET? So, should I do my application so, that all GET type request goes to errorpage?
br
Maria -
referer[ Go to top ]
- Posted by: m pantla
- Posted on: September 10 2003 04:13 EDT
- in response to maria veera
hi
you could try get the CGI variable HTTP_REFERER (use request.getHeader("Referer")). This should return the URL of the preceding page (where the button/link/etc was) or blank in the URL was typed in.
This is not fool proof and there is apparently a bug in Tomcat Referer header but should stop your average user...