: Referrer Strings I'm not exactly sure how to ask this, but here I go. I work for a company that provides IT services. Our main costumer has a website developed by WebCompany.com, and I act
I'm not exactly sure how to ask this, but here I go.
I work for a company that provides IT services. Our main costumer has a website developed by WebCompany.com, and I act as a maintainer/middle-man for this website for our customer.
What's happening is that on the front page there is a drop-down-menu with links. One link goes to a third party website - ThirdParty.com. This third party website automatically logs you in based on your IP or your referrer string.
Homepage > ThirdParty.com > Logged in via IP or referrer string.
What's happening... is Website.com is passing along inconsistent referrer strings. I've asked them to look into it and they say it's not their fault, referrer strings are handled at the browser.
ThirdParty.com is actually nice enough to have IP and referrer string listed on the front page for users not logged in.
So... how can I trace the referrer string so that I can figure out why Website.com's front page link to ThirdParty.com is showing a referrer as "None" or "Thirdparty.com" instead of "ThirdParty.com"?
Their website is build in PHP. Can you force all links on a website to list "referrer" as "http://website.com/"? instead of "http://website.com/portal/1" or "http://website.com/page3"?
More posts by @Pope3001725
1 Comments
Sorted by latest first Latest Oldest Best
referrer strings are handled at the browser.
Exactly. It is the users browser that sends the HTTP referer[sic] as part of the HTTP request. Website.com (where the link originates) has no control over this. In fact, the user has complete control over this.
The HTTP referer is notoriously unreliable. The user can configure their browser to not send a referer or to send something completely erroneous. A user can potentially send any referer string to any website. Have you heard of referer spam?
Links from HTTPS pages do not send a referer (the browser supresses them).
automatically logs you in based on your IP or your referrer string.
You cannot log someone in based on their referer string - at least you shouldn't! As mentioned above: unreliable and a security hole bigger than a blue whale!
(Do they really log you in based on your HTTP referer?!)
For completeness...
So... why Website.com's front page link to ThirdParty.com is
showing a referrer as "None" or "Thirdparty.com" instead of
"ThirdParty.com"?
The referer will not be set (ie. none) if:
the user has typed the link directly into the address bar.
the user has followed a direct link from email or some other non-web source.
the users browser is not set to send a referer.
the originating link is on a secure HTTPS page.
"Thirdparty.com" or "ThirdParty.com" - this should not matter. The domain name is not case-sensitive, so it should not be compared case-sensitively. All mainstream browsers lowercase the domain name before making the request. The referer will contain "thirdparty.com" if the user has navigated (or been redirected) from a page on "thirdparty.com" - an internal link/redirect on that website.
Can you force all links on a website to list "referrer" as
"http://website.com/"? instead of "http://website.com/portal/1" or
"http://website.com/page3"?
No. As mentioned, this is controlled by the user. But the target website (thirdparty.com) should be able to resolve this?
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.