Web tier: servlets, JSP, Web frameworks: How to force access coming from another page

  1. How to force access coming from another page (2 messages)


    I have an application that has to allow access to users that come from another web application. If a user access the application using a URL or coming from another web application it should deny access. We can't use cookies because this application has to work with WAP 1.0. Any Ideas?


    Néstor Boscán
  2. yup,

    there is a HTTP header named HTTP_REFERER: http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14

    the value of this header will basically tell from which url which contains the link that sent the user to your page.

    In a servlet or a jsp you can obtain it using req.getHeader("Referer"), where req is your http request object.

    Emil ( http://www.thekirschners.com/software/testare/testare.html )
  3. Hi

    I don't think this will work with WAP browsers. You can't trust that they will send the attribute.


    Néstor Boscán