Archive of UserLand's first discussion group, started October 5, 1998.
Author: firstname.lastname@example.org Posted: 8/11/1999; 3:53:06 PM Topic: Deep Linking Msg #: 9354 (In response to 9320) Prev/Next: 9353 / 9355
This really seems like overkill. Why not just write a filter that checks the REFERRER header? Sure, a hacked browser could get around this, but if the point is to keep people from linking to your page without permission, then this exploit is a non-issue.
Instead you are dynamically computing all the URLs on a page, which just seems silly. This sort of strict sessioning does have a place on the web, it just doesn't seem necessary for this problem.
As a bonus, if you check the referrer, you can still allow links in from partner web sites without requiring them to implement any extra technology, you, as the content producer, just add their base URLs to your database of permitted linkers.
This page was archived on 6/13/2001; 4:51:49 PM.
© Copyright 1998-2001 UserLand Software, Inc.