Wrox Programmer Forums
|
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 25th, 2004, 06:07 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 119
Thanks: 0
Thanked 1 Time in 1 Post
Default Request.ServerVariables HTTP_REFERRER question

I have an ASP page, on an INTERNET website, whereby I have a link that connects to one of our INTRANET sites. My problem is that I need to be able to determine if the user is coming from our INTERNET site so that I do not display specific links in the INTRANET website. When I first go into the INTRANET site I can monitor this by using REQUEST.SERVERVARIABLES("HTTP_REFERER") however once I navigate off the initial page on the intranet site then I lose that setting that stated initially that the user was coming from my INTERNET website. What is the best way to get around that so that I can monitor that the user is from the INTERNET site when he is in any of the pages in the INTRANET site?

Any help or direction would be appreciated. Thank you.
 
Old May 25th, 2004, 06:59 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Hi there,

The external referrer is only available on the very first page. So, you go from the Internet to the Intranet, and the referrer indicating the Internet is passed along. However, from that point on, the referrer will be Intranet for each subsequent page in the Intranet. Of course the principle will work the other way around as well.

I think the easiest wat to fix this, is to store a cookie or session variable on the first hit. Check the referrer, and then set a cookie like IntranetUser = True or something like that. On subsequent page calls, use this cookie to determine the user type.

Please be aware that the referrer is not always present. Most firewalls will block this kind of "private data", so the referrer can end up as empty. Code for that, and make sure you offer the restricted set of options in case of an empty referrer.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old May 25th, 2004, 07:25 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 119
Thanks: 0
Thanked 1 Time in 1 Post
Default

Imar,

Thanks for the REPLY. I did have one question, can I not check the REQUEST.SERVERVARIABLES("URL") since that seems to be consistent each time I am navigating within the INTRANET? If so, it would appear that I am doing something wrong because the WHOLE URL is not being displayed each time I response.write it out.

Thanks for your help.
 
Old May 25th, 2004, 07:39 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Well, Request.ServerVariables("URL") returns the name of the current page. It will return something like this:

/YourApp/YourPage.asp

If both the Intranet and the Internet share the same folder structure and page names, you can't distinguish between them.

How do your users go from the Internet to the Intranet? Through a link? If so, can't you add a simple QueryString like FromIntranet=True to the link's address?

Are you programming this feature for security or for convenience?

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old May 25th, 2004, 08:13 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 119
Thanks: 0
Thanked 1 Time in 1 Post
Default

For security.
 
Old May 25th, 2004, 08:21 AM
Imar's Avatar
Wrox Author
 
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

In that case, you'll need to look at other means to reach the same goal. The referrer is *not* secure. It's too easy to block / empty the referrer, so it looks like you're not coming from a certain location, while in fact do you come from that site.

The other way around is a bit more difficult, but certainly not impossible. So, you think someone comes from a specific site, while in fact they're requesting your site directly.

If I were you, I'd implement a login mechanism, or work with encrypted cookies / querystrings. When the users moves from site A to site B, send over the cookies, or send them through a POST/GET form to the next section, check their (valid) contents and proceed accordingly.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
 
Old May 25th, 2004, 02:05 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 119
Thanks: 0
Thanked 1 Time in 1 Post
Default

Actually what I finally found was that the my internet link to the intranet site was setup via a SECURE PROXY DEVICE. The link will always be coming from this SECURE PROXY DEVICE that has a static IP address. Therefore I used the REQUEST.SERVERVARIABLES("REMOTE_ADDR") method and that fixed it.

Imar -- thank you for all your time and help on this. It is much appreciated.





Similar Threads
Thread Thread Starter Forum Replies Last Post
<%=Request.ServerVariables("HTTP_REFERER")%> t400 Classic ASP Basics 0 June 30th, 2006 07:26 AM
Request question thunder Classic ASP Basics 1 February 26th, 2006 10:29 AM
$_SERVER['HTTP_REFERRER'] natmaster Beginning PHP 1 July 21st, 2003 03:04 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.