I have a login page and users from different domains are redirected to this page for the purpose of SSO. I use the referrer HTTP Header field to know where the user has come from, thus on successful login, I return him/her back to his/her original domain. But sometimes my referrer is not set, while other times it's set. Why?
Users can come to your page using different methods:
Now, browsers really differ in how and when they set referrer header field. But as a general rule, you can be sure that on link click, or on submitting a form (post request), they set referrer field. Also if you have come to the current page via a redirect or a link, browser still preserves referrer header on F5 (page reload).
If you see that your referrer field is empty, it's because someone knows your Login page URL and enters that directly into the address bar, or someone has bookmarked it, so sends a GET request.
Generally, you shouldn't always expect the referrer field, because it's outside your control. You should use cookies, or query strings, because they are under your control.
the other thing is that some user may have referer option set as disabled in their browsers as a part of browser security settings.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With