Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Location
    Louisville, KY
    Posts
    281
    Thanks
    2
    Thanked 0 Times in 0 Posts

    session instead of referer

    I've heard that it's better to use a session instead of checking the referer. What's the simplest way to do this? I just want to start a session on one page, and on the next make sure the session has been started in order to gain access, else be forwarded to a different page. Thanks in advance.

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,108
    Thanks
    11
    Thanked 101 Times in 99 Posts
    //page 1
    PHP Code:
    <?php
    session_start
    ();
    $_SESSION['been_here_already'] = $_SERVER['REMOTE_ADDR'];
    ?>
    //page2
    PHP Code:
    <?php
    session_start
    ();
    if( 
    $_SESSION['been_here_already'] != $_SERVER['REMOTE_ADDR'] ){
        
    header('location:page1.php');
    }
    ?>
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    But that Page2 code will always return False for AOL users (that get another IP for each request) and some users behind a proxy that does IP pooling.

    Can't you just set a flag --> set a sessionvariable to whatever and then just check if it is set?

    Page1:

    <?php
    session_start();
    $_SESSION['cleared'] = 'yes';
    ?>

    Page 2:
    PHP Code:
    <?php
    session_start
    ();
    if( isset(
    $_SESSION['cleared']){
      if (
    $_SESSION['cleared'] == 'yes') {
       
    // whatever
      
    } else {   
        
    header('location<img src="images/smilies/tongue.gif" border="0" alt="">age1.php');
      }
    } else {
      
    //some redirect to a page where the session is cleared
    }
    ?>

  • #4
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,108
    Thanks
    11
    Thanked 101 Times in 99 Posts
    for each request ? I do not see how the HTTP protocol can even work if the IP changes on each request?

    not that I disagree that the IP checking is probably overkill , just trying to give a full example .
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #5
    raf
    raf is offline
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    HTTP is stateless and since there isn't a persistent connection, the server just needs to know the IP of the client that made the request in order to send a response. So it doesn't matter if the same client has already sents 10 request with 10 differnent IP's.

    It's exactly due to this stateless protocol that we need sessions so that we can 'identify' the client and we can group multiple requests. It's probably because of this IP-'fluidness' that sessions rely on the quersytring or session-cookie to identify the client.

    I didn't know about these one-request-IP's either until 2 months ago.
    http://www.codingforums.com/showthre...hlight=request


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •