HTTP_REFERER vs SESSIONS

valter_ego_barb

Hello,

I'm building a site that uses sessions to maintain state. It has a link section to external sites, so how do I clean up the $_SERVER['HTTP_REFERER'] before opening up the external link?

I'm assuming that the user will never have cookies enabled, so I allways get this long url string appended to the end of the url. How can I clean it before opening a new "external" page?

Thanx.

Valter

drew010

$_SERVER['HTTP_REFERER'] is really just readonly. it is what the users browser sends in the http request if a link was clicked on a webpage. it wont be sent if they are on a secure connection, but there is no way to tell their browser not to send it, nor is there anyway to erase it.

valter_ego_barb

Thanks for the reply...

But isn't there any way to route the external link to a page, that can then act as a referer page, but withouth the session info ?

I've tried this method but doesn't seem to work either...Any clues?

drew010

session id's should automatically be stripped from inside a=href,area=href,frame=src,input=src,form=fakeentry,fieldset=
tags on a page so it will not be passed to remote sites.

otherwise you can try to setup a page like exit.php?url=http://....
and in exit have

<?php
header("Location: " . $_GET['url']);
?>