Sometimes a user needs to connect to a web page to access another one. We do not want him to access our site directly by copying the URL in the navigati nbar or by keeping it in his browser history. If we are talking about the same website, the easy solution is to oblige the user to sign in, but if we are talking about two separate sites the problem we want to solve is this one: how do we transfer informatin from one site to another without asking a user to identify himself a second time? This solution might not be the optimal one, but it works very well.
'Validate that the user has not typed the address inside the navigation 'bar If Request.ServerVariables("HTTP_REFERER") Is Nothing Then Response.Redirect("www.siteidentification") 'Validate the origin of the URL and autorize the user session ElseIf Request.ServerVariables("HTTP_REFERER").Contains("wwww.jmsalazar.net") Then Session("user") = "userJMS" Response.Redirect("www.siteautorisé") Else Response.Redirect("www.siteidentification") End If
The HTTP_REFERER variable from ServerVariables verifies if the site really comes from the address we are expecting, but we have to validate that this variable is not empty, otherwise we will get a NullReferenceException.