PHP Sessions

berbbrown

Hi All

I have a site which requires the user to login. This works fine.

Upon login the user is presented with options. One them provides a link to a https site (a completely different site and server). When the option (a hyperlink) a clicked the page is redirected to this other site, site (b). This also works.

My question is how can I make sure that the user can only navigate to site (b) from the login from site (a) rather than create a favourite direct to site (b).

I have to add that site (a) is a framed page with two frames. Top frame has navigation and second frame (main) will contain the page either from site (a) or site (b).

Any ideas?

Thanks in advance.

sneakyimp

In order to prevent the direct access to site B, you are going to need to code your scripts on server B to refuse any visitors that haven't first visited site A.

As for finding a way to permit access to site B from site A, I can think of a couple of ways.

One would be to provide a secret token from site A that gets sent to site B through a form. Another way would be through a cookie. Site B would receive a form submission (GET or POST) from Site A that contained the token...or Site B would check for the presence of a cookie. The security of Site B would depend heavily on how secret your cookie is.

To further increase security, you might have Site A and Site B pass some information like "expect a visit from User X with pass word "mypassword"...or something like that.

hope this is helpful.