如何确定用户是否来自https domian?
[英]How can I determine if a user has come from an https domian?
问题描述
I have a page that redirects users (JavaScript) to an "account admin" page (on an https domain) if the user is logged in. If not, the page shows them instructions on how to log in. 
我有一个页面,如果用户已登录,则该页面会将用户(JavaScript)重定向到“帐户管理员”页面(在https域上)。否则,该页面将向他们显示有关如何登录的说明。
Once they're done updating their preferences, there's "back to content" link that takes the user back to the previous URL. 一旦他们完成了首选项的更新,就会出现“返回目录”链接,该链接将用户带回到上一个URL。 The problem is that since users are logged in by this point, the redirect fires and sends them right back to their account admin page. 问题在于,由于此时用户已登录,因此将触发重定向并将其发送回他们的帐户管理页面。
I thought I could determine this by looking at the referrer header from the https domain, but alas, they don't exist for https (as far as I can tell). 我以为可以通过查看https域中的引荐来源标头来确定这一点,但是,据我所知,它们对于https不存在。
JSP: JSP:
request.getHeader("referer");
//returns null
I tried using JavaScript to dynamically append the URL with a parameter that I could then check for before firing the redirect again. 我尝试使用JavaScript将URL动态附加一个参数,然后可以在再次触发重定向之前检查该参数。
JavaScript 的JavaScript
window.location.pathname += "?test=1";
This causes a redirect loop, but I don't know of another way to modify the URL path. 这会导致重定向循环,但是我不知道另一种修改URL路径的方法。
Due to access limitations at work, I can't work in anything but my page template. 由于工作上的访问限制,除了页面模板之外,我什么都不能工作。 I can't modify anything on the https server, nor htaccess. 我无法在https服务器上修改任何内容,也无法修改htaccess。
So, with those limitations, how can I figure out if a user has come to my page from the https domain? 因此,在这些限制下,如何确定用户是否从https域访问了我的页面?
1 个解决方案
解决方案1
1 2011-10-13 23:25:45
To get referring URL 获取引荐网址
document.referrer
If you are adding information to the URL that should not be sent to the server, but rather for the page to use, then use a hash, not a query. 如果要将信息添加到不应发送给服务器的URL中,而是要供页面使用,请使用哈希而不是查询。 The "?" “?” should only be used if you are sending data to the server for processing 仅在将数据发送到服务器进行处理时才应使用
window.location.hash += 'test=1'
//Makes the url look like http://example.com/#test=1
This Link will append "dontdoanything" to the url hash, without reloading the page. 该链接将在URL哈希后面附加“ dontdoanything”,而无需重新加载页面。
EDIT : So I did some research and it doesn't seem like there is a quick way to do it (ie document.referrer ). 编辑 :所以我做了一些研究,似乎没有一种快速的方法(即document.referrer )。 But those methods are not very reliable anyway. 但是这些方法还是不太可靠的。 I have heard that web-kit (may be older versions, and is fixed now) will drop the referrer information if the link is opened in a new tab or window, even for http to http. 我听说,如果在新标签页或窗口中打开了链接,即使对于从http到http的链接,web-kit(可能是较旧的版本,现在已修复)将删除引用信息。
It would seem that you are working completely on your own site, so I would consider using cookies or a hash in the URI. 看来您已经完全在自己的网站上工作了,所以我考虑在URI中使用cookie或哈希。 You could just set some variable within the cookie or hash when redirecting back and read it as a status flag when the page loads. 您只需在向后重定向时在Cookie或哈希中设置一些变量,并在页面加载时将其作为状态标志读取即可。 You can of course have cookies persist for periods of time, as well as across all pages on your domain. 当然,您可以让Cookie保留一段时间,也可以保留您域中的所有页面。 There is a possibility that you already have session information stored in a cookie that you could even check. 您可能已经将会话信息存储在cookie中,甚至可以检查它。
If you were redirecting from pages not on your domain, I would suggest supplying those sites with a specific link, with a specific hash in the URI, that you can reference in your database to get the referrer. 如果要从不在您域中的页面上重定向,我建议为这些站点提供一个特定的链接,并在URI中提供一个特定的哈希,您可以在数据库中对其进行引用以获取引荐来源网址。
Hope this helps... 希望这可以帮助...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.