...

View Full Version : session instead of referer



BroChris
11-14-2003, 05:55 AM
I've heard that it's better to use a session instead of checking the referer. What's the simplest way to do this? I just want to start a session on one page, and on the next make sure the session has been started in order to gain access, else be forwarded to a different page. Thanks in advance.

firepages
11-14-2003, 11:14 AM
//page 1


<?php
session_start();
$_SESSION['been_here_already'] = $_SERVER['REMOTE_ADDR'];
?>


//page2


<?php
session_start();
if( $_SESSION['been_here_already'] != $_SERVER['REMOTE_ADDR'] ){
header('location:page1.php');
}
?>

raf
11-14-2003, 01:09 PM
But that Page2 code will always return False for AOL users (that get another IP for each request) and some users behind a proxy that does IP pooling.

Can't you just set a flag --> set a sessionvariable to whatever and then just check if it is set?

Page1:

<?php
session_start();
$_SESSION['cleared'] = 'yes';
?>

Page 2:


<?php
session_start();
if( isset($_SESSION['cleared']){
if ($_SESSION['cleared'] == 'yes') {
// whatever
} else {
header('location<img src="images/smilies/tongue.gif" border="0" alt="">age1.php');
}
} else {
//some redirect to a page where the session is cleared
}
?>

firepages
11-14-2003, 02:27 PM
for each request ? I do not see how the HTTP protocol can even work if the IP changes on each request?

not that I disagree that the IP checking is probably overkill , just trying to give a full example .

raf
11-14-2003, 02:41 PM
HTTP is stateless and since there isn't a persistent connection, the server just needs to know the IP of the client that made the request in order to send a response. So it doesn't matter if the same client has already sents 10 request with 10 differnent IP's.

It's exactly due to this stateless protocol that we need sessions so that we can 'identify' the client and we can group multiple requests. It's probably because of this IP-'fluidness' that sessions rely on the quersytring or session-cookie to identify the client.

I didn't know about these one-request-IP's either until 2 months ago.
http://www.codingforums.com/showthread.php?s=&threadid=26661&highlight=request



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum