Referring URL Integrity

[cmhunt]

Hi

Simple question relating to security on our site. We need the client to access one page before accessing another so please can someone tell me if the referring url (Request.UrlReferrer) easily "hackable"?

Thanks

Chris

 

[fhlee]

I will recommend you using the Session object. For example, in Page1, you set the: Session("IHaveBeenHere") = TRUE. The in Page2, you check: if Session("IHaveBeenHere") = TRUE then doWhateverYouWant ELSE Response.Redirect("page1.asp").

Or something to that effect.

~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-

 

[cmhunt]

Hi

Unfortunately the URL we have to check is not on our server so I don't think sessions are an option. One of our clients wants to integrate one of our web products into their website. Our product usually uses a username, password and IP address as security but the client wants a seemless link from their product to ours so it's not possible to ask for a username/password or check their IP as they don't collect IP info from their clients.

The idea we come up with was to check the referring URL in order to ensure the user has already been authenticated.

I am certainly open to other ideas but this seemed the easiest way hence wondering how sure I can be that a referring URL is genuine.

Thanks

Chris