How to check if a request if coming from the same server or different server?

by

Basically : you cannot.

With the HTTP protocol, each request is independent from the others.

A first idea would be to check the Referer HTTP header, but note that :

  • It can be faked (it’s sent by the browser)
  • It is not always present.

So : not a reliable solution.

A possible, and far better than the Referer idea, solution could be to use a nonce :

  • When displaying the form, put a hidden input field in it, containing a random value
  • At the same time, store that random value into the session that correspond to the user.
  • When the form is submitted, check that the hidden field has the same value as the one that’s stored in session.

If those two values are not the same, refuse to use the submitted data.

Note : this idea is often used to help fight against CSRF — and integrated in the “Form” component of some Frameworks (Zend Framework, for instance).

More Related Contents:

  1. Error with simple print_r() code [closed]
  2. How to turn associative array into separate variables? [closed]
  3. How should a model be structured in MVC? [closed]
  4. mysqli or die, does it have to die?
  5. How to saveHTML of DOMDocument without HTML wrapper?
  6. + operator for array in PHP?
  7. PHP DateTime::modify adding and subtracting months
  8. Laravel: Error [PDOException]: Could not Find Driver in PostgreSQL
  9. How to replace MySQL functions with PDO?
  10. PHP file cannot enter some part of code
  11. Path of assets in CSS files in Symfony 2
  12. Undefined index with $_POST [duplicate]
  13. OPENSSL file_get_contents(): Failed to enable crypto
  14. Looping through all the properties of object php
  15. Notice: Undefined offset: 0 in
  16. CodeIgniter activerecord, retrieve last insert id?
  17. How to reverse a Unicode string
  18. PHP on GoDaddy Linux Shared trying to send through GMAIL SMTP
  19. PHP pass variable to include
  20. php SimpleXML check if a child exists
  21. Could not open input file: composer.phar
  22. Call PHP function from jQuery?
  23. PHP Timezone List
  24. Which is faster? Constants, Variables or Variable Arrays
  25. How do I send a HTTP/2 POST request in PHP
  26. Php & Sql Injection – UTF8 POC
  27. Asynchronous HTTP requests in PHP
  28. Sort a multidimensional array descending by subarray count and preserve first level keys
  29. How to display “12 minutes ago” etc in a PHP webpage? [closed]
  30. Why does PHP not complain when I treat a null value as an array like this?

Leave a Comment