using http_referer depending on browser?

olaf

Hallo,

I remember that I read something about that the referer in special circumstances is not transferred by a browser.

I want to use the http_referer to block access to a downloader-file outside from my webpage like:

if (isset($HTTP_REFERER) && $HTTP_REFERER == "http://www.mydomain.org/dir/") {
	//do something
} else {
	exit;
}

will this work for everyone if the script is executed on the orig. location?

olaf

Hallo

was something unclear in the question?

Weedpacket

It's not so much "special circumstances" that decide if and when a browser supplies a value for $_SERVER['HTTP_REFERER'] but the fact that the client is never under any obligation to do so. For one thing, it may be undefined (the header only has meaning if there is a referring page), and some clients just don't bother with it. The vast majority of the browsing public would be using clients that supply it. Generally speaking, it would only be robots, more specialised clients (e.g., scripts that are requesting pages), and people trying to operate without leaving a trail of breadcrumbs that wouldn't supply the URL of the page they last visited.

olaf

Thank you for this information, I think this its nearly the same what i have read before. I know about programs which are hiding almost everything from the client.

I this case I think i use the code like above and if people can not use the script then they have to use standard browsers and settings.

I want to use this if-clause to block download's from external page's

access9

I this case I think i use the code like above and if people can not use the script then they have to use standard browsers and settings.

Why would you want to intentionally exclude users? You can do the same thing by using sessions, setting a session variable and then checking for that session variable.

-a9

olaf

a lot of users are blokking cookies and my luxury webhost likes only session's if the session id is stored within a cookie.