Skip to main content
2Charlie
2Charlie
Inspiring
February 24, 2016
Answered

Is it possible to manually set HTTP_REFERER?

  • February 24, 2016
  • 1 reply
  • 4740 views

Does anyone if it is possible to manually set the CGI.HTTP_REFERER? If so, how do I accomplish it?

    This topic has been closed for replies.
    Correct answer 2Charlie

    Okay, so in the CommonSpot log, it has this exception error: Exception: Element MYSITESHIBBOLETH.ISAUTHENTICATED is undefined in SESSION.

    However, wasn't the <cfif IsDefined("session.mysiteShibboleth.isAuthenticated")> supposed to account for this error and prevent it from generating?


    Many thanks for all the help. I got it working now. There is no issue with the <cfif IsDefined("session.mysiteShibboleth.isAuthenticated")>. It was a log in the <cfelse> that I tried to log the session variable that was not set and not exist. Thus, it throws the error.

    The initial issue about unable to redirect was resolved. The issue that it keeps looping was because the way I test if the user was logged in or not is wrong. Since I'm using CommonSpot CMS, it used their isLoggedIn API and it was not giving me the value I was looking for to test the user's authentication status. So, I set a session.mysiteShibboleth.isAuthenticated variable and checked for this on the details page. It now seems to work.

    1 reply

    Carl Von Stetten
    Carl Von Stetten
    Legend
    February 24, 2016

    Why would you want to do that?  The variable is based on what the web server forwards to ColdFusion.  Why would you need to alter it?

    2Charlie
    2CharlieAuthor
    Inspiring
    February 24, 2016

    Here's the problem.

    1. User enter the search word and click enter
    2. The search page shows the result on the page with links
    3. The user clicks on the link to see the details page
    4. The details page requires authentication
    5. It redirects the user to the authentication page. At this page in the custom_application.cfm page, it shows the HTTP_REFERER;  https://devbox.mysite.com/search/?search=calendar
    6. The user authenticated and then it comes back to the https://devbox.mysite.com/search/?search=calendar page instead of to the https://devbox.mysite.com/kb/article/calendar page, which is the link that the user clicked and wants to go there.

    That is the problem. If you can help find a better solution, that'll be great. Thanks for the response though.

    Carl Von Stetten
    Carl Von Stetten
    Legend
    February 24, 2016

    If you don't want to authenticate the user at the outset rather than when they click a details link (and what happens if they go back to the results and click a different link - do they have to authenticate again?), then store the link URL in a session or client variable and then navigate to the value in the session variable after authentication.  If you go the client variable route, make sure to use cookies (or alternatively database) rather than registry.


    Don't mess with HTTP_REFERER - that is how you tell where the user **actually** came from.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices