由Auth组件重定向时，HTTP_REFERER为空 [英] HTTP_REFERER empty when redirected by Auth Component

问题描述

在CakePHP中，当您尝试访问保护操作时，会自动进入您应用程序中的登录表单。但是HTTP_REFERER为空????

In CakePHP when you try to access a protect action you are automatically taken to the login form within your app. However the HTTP_REFERER is empty????

$referer = env('HTTP_REFERER');

echo $referer;

所以通常当我访问登录页面时，我会看到显示此代码的上一页URL，如果我在访问登录页面后被Auth组件带到那里，那么它将是空的...

So normally when I visit the login page I will see the previous page URL with this code displayed, but if I visit the login page after being taken there by the Auth Component then it will be empty...

为什么是空的？正如我刚刚提到的

why is it empty? as I was just referred???

，如何让它承认重定向作为参考？ 注意：在这种情况下，使用Auth.Redirect会话值不是一个选项，因为它会在用户离开网站后留下来，例如，如果他们返回登录页面，则会显示ORIGINAL请求的操作，不是引荐页面！因此，即使它不是因为它使用现有会话，它仍将充当引荐。

and how do I get it to acknowledge the redirect as a referal? NOTE: Using the Auth.Redirect session value is not an option in this case because it will stay around after the person has left the site, so for example if they return to the login page it will show the ORIGINAL requested action and NOT the referred page! So it will act as a referral even when its not because it's using the existing session

编辑：

另一个例子：

    if(isset($_SERVER['HTTP_REFERER'])) {
        echo $_SERVER['HTTP_REFERER'];
    }
    else
    {
        echo 'their was no referer';
    }

当用户转到登录表单时，会说他们没有引荐但这显然不是真的！

When the user is taken to the login form it will say their was no referer but that's obviously not TRUE! ????

推荐答案

HTTP_REFERER 是浏览器的一种方式告诉服务器用户之前访问过的页面。它不会指示用户刚刚重定向到的页面。

HTTP_REFERER is a way of the browser to tell the server what page the user was visiting before. It does not signal what page the user has just been redirected from.

以Stackoverflow上的广告为例。点击其中一个会将您带到 adzerk.net 上的一个长URL，它会记录您的点击，然后将您重定向到目标网址。中间的Adzerk页面本身不是一个有趣的页面，用户从来没有看到它，除非他密切关注地址栏。事实上，没有一个页面有。所以它不算作网页访问。下一页将收到 stackoverflow.com 作为引荐来源，中间重定向网页不相关。

Take for example the Ads on Stackoverflow here. Clicking on one of them will take you to some long URL at adzerk.net, which records your click and then redirects you to the target URL. The intermediate Adzerk page is not an interesting page in itself and the user is never actually seeing it, unless he's paying close attention to the address bar. In fact there isn't even a "page" there. So it doesn't count as a "page visit". The next page will receive stackoverflow.com as the referer, the intermediate redirect page is irrelevant.

Stackoverflow -> Adzerk redirect -> Some advertiser
                                    HTTP_REFERER: stackoverflow.com

如果您输入地址到地址栏。如果您使用Stackoverflow并在地址栏中输入 yahoo.com ，Yahoo将不会看到您的任何引荐来源。如果您在从Stackoverflow到Yahoo的链接上点击，浏览器会发送一个引荐来源。

There's also no referer at all if you type an address into the address bar. If you're on Stackoverflow and type yahoo.com into the address bar, Yahoo will not see any referer from you. If you click on a link that takes you from Stackoverflow to Yahoo, the browser does send a referer.

在您的情况下，如果您直接访问受保护的操作，只需在地址栏中输入受保护的操作，然后重定向即可，因此您没有上一页。

In your case, if you directly access a protected action by typing it in the address bar and get redirected, there simply is no previous page you came from.

根据注释，这里如何注入数据到URL重定向：

As per the comments, here how to inject data into the URL while redirecting:

AppController extends Controller {

    function redirect($url, $status = null, $exit = true) {
        if (is_array($url)) {
            $url['?'] = 'redirect=true';
        } else {
            $url.= '?redirect=true';
        }
        return parent::redirect($url, $status, $exit);
    }

}

这篇关于由Auth组件重定向时，HTTP_REFERER为空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！