Well, there you have it Shao-Ju. Hey, I learned something new today. Cool.
----- Original Message ----- From: "Bob Showalter" <[EMAIL PROTECTED]> To: "'Shao-Ju Chao'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, July 24, 2002 7:56 AM Subject: RE: HTTP_REFERER > -----Original Message----- > From: Shao-Ju Chao [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, July 24, 2002 9:49 AM > To: [EMAIL PROTECTED] > Subject: Re: HTTP_REFERER > > > Thanks. I was setting up some Paypal stuff and want to make > sure that the user is > actually coming from Paypal (https://www.paypal.com.....) and > then come to my web page to > ativate their account. The "return" link is on Paypal and > when they click the link and > return, I checked the HTTP_REFERER and expect it to be > "https://www.paypal.com..."; but it > wasn't. Per RFC 2616, clients are not supposed to send a Referer header in a non-secure request when the referring page used a secure transfer (https). -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
