Domain Detection with PHP

Anon

I have a site which is secured by login and timeouts forcing the user to login back in.

I would like to force the user to login again into the site if they move to a different domain and come back to my site.

Any ideas how I would do this?

Many Thanks

jariizumi

What you're probably looking for is that unless the user only uses the links within the page, it doesn't let the user through. The only way I can think of to check the referer of the page and see if it begins with http://mydomain.com/ and go from there. That would be done by:

$headers = getallheaders();
if ($headers["Referer"] == ...

or something like that. This will force the user to only use links within the site. However, if the user enters another URL in the browser, does stuff and comes back, that will be undetectable by the server.

Now that I think about it more, you could PROBABLY use JavaScript to detect such movement... have a hidden frame, on a page exit, activate a script in the hidden frame that waits a few seconds and checks the .src of the real frame, and if it doesn't match your domain, then send the disconnect signal to the server, and then just get rid of itself. There's probably better ways of doing this (I can already see one fault in my logic 😉 but since I'm not the biggest JavaScript expert, I'll let someone else ponder this one. Hope I've been of some help 🙂