Request.UrlReferrer null?

前端 未结 4 548
时光说笑
时光说笑 2020-11-27 06:53

In an aspx C#.NET page (I am running framework v3.5), I need to know where the user came from since they cannot view pages without logging in. If I have page A

相关标签:
4条回答
  • 2020-11-27 07:06

    What you're looking for is best done with a query string variable (e.g. returnURL or originURL). Referrer is best used for data mining operations as it's very unreliable.

    See the way ASP.Net does redirection with logins for an example.

    0 讨论(0)
  • 2020-11-27 07:12

    The problem could be related on how you redirect the user to some other page. Anyways, the referer url is nothing you should take as absolute rule - a client can fake it easily.

    0 讨论(0)
  • 2020-11-27 07:19

    UrlReferrer is based off the HTTP_REFERER header that a browser should send. But, as with all things left up to the client, it's variable.

    I know some "security" suites (like Norton's Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I'm sure there's some Firefox extensions to do the same thing.

    Bottom line is that you shouldn't trust it. Just append the url to the GET string and redirect based off that.

    UPDATE: As mentioned in the comments, it is probably a good idea to restrict the redirect from the GET parameter to only work for domain-less relative links, refuse directory patterns (../), etc. So still sanity check the redirect; if you follow the standard "don't use any user-supplied input blindly" rule you should be safe.

    0 讨论(0)
  • 2020-11-27 07:22

    If you use the standard Membership provider, and set the Authorization for the directory/page, the code will automatically set a query parameter of ReturnUrl and redirect after a successfull login.

    If you don't want to use the Membership provider pattern, I would suggest manually doing the query string parameter thing as well. HTTP referrers are not very reliable.

    0 讨论(0)
提交回复
热议问题