p2p.wrox.com Forums

Need to download code?

View our list of code downloads.

  Return to Index  

proasp_howto thread: Replacing referer header in next page

Message #1 by "Paul Rogers" <progers@f...> on Wed, 14 Aug 2002 09:56:39
Ok the reason I've had to do it this way is because the application has 3 
tiers. Cart -> Order Form(which takes credit card details so has to be 
secure) -> store order(in database, also secure) -> confirm page(which has 
to be unsecure because the credit card auth. site only allows connections 
from non-SSL. Yes the credit card details are taken twice! customer needs 
them himself for doing address checking etc as well as the payment). So 
basically I was posting an order id from the store order page to the 
confirm page in a querystring because a POST would bring up the "posting 
from secure to non-secure blah blah" dialogue. So I couldn't use cookies, 
2 different URL's. Couldn't use sessions, 2 different URL's again. 

I did eventually solve it fairly simply just by taking the querystring 
into the confirm page and posting the data back in an auto-submitting 
form. Problem solved.



> The Referer is sent by the browser - you can't change this.

Have you thought of using cookies instead to store the querystring data 
you are passing?
Link to a page on your server, get the necessary querystring information,
store it in a database, Response.Redirect() to the secure site
...there are probably other options (eg using the MSHTTPXML component to
simulate the page request by the client), but we probably need more
information on why/how you have things setup


From: "Paul Rogers" <progers@f...>
Subject: [proasp_howto] Replacing referer header in next page

: Hi,
: I have an unsecure page that is linked to from a secure page so I pass
: minor information via a querystring(this is absolutely vital by the way).
: This page then posts fields to a credit card authorizing company's
: The problem is this company, in it's infinite wisdom, have a fixed 
: URL in their configuration. Say http://www.website.com/thispage.asp is 
: in the system as the referer to allow access to the payment page. The
: referer I'm posting to the site because of the querysting is
: http://www.website.com/thispage.asp?qs=1&qs=2&qs=3&qs=4 which the payment
: site is rejecting. Is there anyway of altering the REFERER header(using
: Response.AddHeader maybe?) so only http://www.website.com/thispage.asp
: gets passed to the payment page as a referer even if the page i'm linking
: from has a querystring?

  Return to Index