
Cross-domain validation in PHP

I am currently working on a project that revolves around the following:

Page 1 (domain1) redirecting to Page 2 (domain2) redirecting to Page 3 (domain2)

I wanna make sure that the Page 2 content is NOT shown unless the user is confirmed to have visited Page 1 first. For obvious reasons, I cannot use sessions and cookies, since domain1 and domain2 are two separate domains.

$_SERVER['HTTP_REFERER'] is a possible solution, but it can be modified or even stripped from the browser requests, so I have no guarantee I won't inadvertently block legitimate users by using it.

How would I go about doing it?

Yes. You cannot set a cookie without a direct request from the browser.

You can pass a token while redirecting from http://page1 to http://page2/?token=hash_function($salt, $user_ip).

A more complex way is to generate a token on the domain with page1 and recheck it with a direct request from the page2 server to the page1 server. This allows you to create "one-time" tokens, and even if the user changed his IP during the session (a really rare case), this redirect will still be valid.
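
The first approach in the answer above, sketched as an added example that is not part of the original answer: it uses HMAC-SHA256 in place of the generic hash_function and adds an expiry time. The function names, the shared secret, the 60-second lifetime and the sample IP addresses are assumptions made for illustration.

```php
<?php
// Added example: names, secret and lifetime are assumptions, not from the original answer.
const SHARED_SECRET = 'replace-with-a-long-random-secret'; // same value on both servers
const TOKEN_TTL = 60; // seconds a redirect token stays valid

// domain1 / page1: build the token that is appended to the redirect URL.
function issue_token(string $userIp, int $now): string
{
    $expires = $now + TOKEN_TTL;
    $mac = hash_hmac('sha256', $expires . '|' . $userIp, SHARED_SECRET);
    return $expires . '.' . $mac;
}

// domain2 / page2: show the page only if this returns true.
function verify_token(string $token, string $userIp, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < $now) {
        return false; // token too old
    }
    // Recompute the MAC from the values this server sees, never from the token alone.
    $expected = hash_hmac('sha256', $expires . '|' . $userIp, SHARED_SECRET);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed demo values (documentation IP ranges, fixed clock).
$now = 1700000000;
$ip = '203.0.113.7';
$token = issue_token($ip, $now);
// page1 would send: header('Location: http://page2/?token=' . urlencode($token));
// page2 would call: verify_token($_GET['token'] ?? '', $_SERVER['REMOTE_ADDR'], time());

var_dump(verify_token($token, $ip, $now + 10));             // same IP, within lifetime
var_dump(verify_token($token, '198.51.100.9', $now + 10));  // different IP
var_dump(verify_token($token, $ip, $now + 120));            // after expiry
var_dump(verify_token($token . 'x', $ip, $now + 10));       // tampered MAC
```

A token built this way can be reused from the same IP until it expires; making it strictly one-time needs server-side state, which is what the server-to-server recheck in the second approach provides.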
