Re: HTTP REFERER not set in Internet Explorer

[Todd Hendricks <djtrubeliever () comcast net>]

I would suggest that perhaps the usage of HTTP_REFERER in any "secure" 
application might not be your best option.  HTTP_REFERER is easily 
modified by the end user.

Perhaps you might look into using cookies and/or IP addresses and 
REQUEST_URI to track the same programmatically?

Regards,
Todd

Saqib Ali wrote:
> Hello,
>
> I am writing a secure application that tracks users on a website by
> use of HTTP_REFERER. But see like Internet Explorer is not properly
> populating this field.
>
> Visit the following website using IE and Firefox.
> http://www.xml-dev.com/blog/referer_test.php
>
> And click on the Link that says "Click Here"
>
> With Firefox, the correct HTTP_REFERER will be displayed after you
> click the link. But with I.E. the HTTP_REFERER is set to blank.
>
> Has anyone ran into this issue? How did you make your application
> compatible with both I.E and Mozilla based browsers?
>
> Because of some security concerns I need the HTTP_REFERER to be set
> correctly. If it is not possible, I will have to restrict my users to
> a Mozilla based browser.
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
> Consensus is good, but informed dictatorship is better.