Re: HTTP REFERER not set in Internet Explorer

[Marc Koschewski <marc () osknowledge org>]

* Saqib Ali <docbook.xml () gmail com> [2005-11-16 08:16:33 -0800]:

> Hello,
>
> I am writing a secure application that tracks users on a website by
> use of HTTP_REFERER. But see like Internet Explorer is not properly
> populating this field.
>
> Visit the following website using IE and Firefox.
> http://www.xml-dev.com/blog/referer_test.php
>
> And click on the Link that says "Click Here"
>
> With Firefox, the correct HTTP_REFERER will be displayed after you
> click the link. But with I.E. the HTTP_REFERER is set to blank.
>
> Has anyone ran into this issue? How did you make your application
> compatible with both I.E and Mozilla based browsers?
>
> Because of some security concerns I need the HTTP_REFERER to be set
> correctly. If it is not possible, I will have to restrict my users to
> a Mozilla based browser.

Hi Saqib,

I'm not able to test this case due to having no IE available. But I
know IE doesn't send HTTP-REFERERs in windows that have been opened by
window.open(). If you use target '_blank' it works, however. For
HTTP-REFERER type of security IE is rather useless when using pop-up
windows then. Just my 2 cents... :)

Regards,
        Marc

Attachment: signature.asc
Description: Digital signature