> -----Original Message----- > From: Shao-Ju Chao [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 9:49 AM > To: [EMAIL PROTECTED] > Subject: Re: HTTP_REFERER > > > Thanks. I was setting up some Paypal stuff and want to make > sure that the user is > actually coming from Paypal (https://www.paypal.com.....) and > then come to my web page to > ativate their account. The "return" link is on Paypal and > when they click the link and > return, I checked the HTTP_REFERER and expect it to be > "https://www.paypal.com..."; but it > wasn't.
Per RFC 2616, clients are not supposed to send a Referer header in a non-secure request when the referring page used a secure transfer (https). -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
