Using http_referer in PHP

Every browser sends a referer in the header. (The HTTP header contains additional information about you and the webpage you’re requesting). The referer is the site you’ve been on before requesting the current site. That means you can see where people came from. Here is a nice and effective technique on how you can use the referer in a web application.

You are on a typical website. Let’s say Jobazaar. You’re logged in. You want to log out. But, wait, you just want to log out, not leaving the page you’re currently viewing. Uhmm.. it’s Jobazaar, so just click “log out”.

What happens? You get the same page, you’re just not logged in anymore. Some magic caused by the referer in the HTTP header. Remeber: We are not passing any arguments through the URL.

This is what happens in the logout script:

....
(some magic things you'll never get to know)
....
if(@$_SERVER['HTTP_REFERER'] != '')
   header('Location: '.$_SERVER['HTTP_REFERER']);
else
   header('Location: http://www.example.com/');
....

header('Location: ...'); does a 302 redirect to the specified site. The user will not notice any redirecting.

These are four lines that can make a huge improvement on usability. It�s the small things that count. People won’t take much notice of this improvement, but they have a better experience when surfing your site since they don’t have to navigate back to the point they’ve been on when logging out.

I’ve to say that there are areas on a website where you can’t get back to after logging out. That’s no problem, because those ‘areas’ should automatically redirect you to some ‘safe’ place. No improvement there, however.

Published by

Julian Bez

Julian Bez

Julian Bez is a software engineer and former startup founder from Berlin, Germany.

  • bruce

    How the heck does this actually do anything? It looks to me like it just reloads the same page.

  • http://www.julian-bez.de/ Julian

    Uhm, well, yes.

    Like it says in the article: “You get the same page, you

  • bruce

    So how are you not logged in any more? I really don’t understand. Is it because you were tracking session through GET variables and these have been stripped or something?

  • http://www.julian-bez.de/ Julian

    That discussion gets weird. Maybe I should rewrite the article. It should’ve been just an example for using HTTP_REFERER, nothing more. You can perform an action (‘log out’) and get back to the same page, without passing anything through the URL.

  • A.

    This code was a great help. I found it in a G search where I was seeking help getting a login (with a form posting to itsself) to redirect back to the referring page. I didn’t have much luck with what I tried. Any suggestions?

    cheers,

    A.

  • A.

    To be more specific, I’m looking to do this in situations where people have bookmarked pages that are only accessible with session data where they’ve been 302 redirected to the login page.

    A.

  • A.

    So, I just ended up passing the referring page as a URL variable to the login, and that seemed to work.

    A.

  • haseebmohammed

    yeh i understood the concept but iam bit confused about how to use this HTTP_REFERER where should i apply and how should i.please tell me how to check this.

  • http://www.julian-bez.de/ Julian

    @haseebmohamm: If you understood the concept, what’s the problem? Could you please concretize your question?

  • davy

    Sounds great, but when i echo or try the example i get nothing. does this require some type of setting from my host server. Maybe my server wont allow the command to display? wish I could get thi to work….

  • http://www.vertigowebsolutions.com Tim Hawkins

    I was just wondering about something.

    If for example in a login script you were in a page in a subfolder so your url would be simething like this “http://www.visitediste/subfolder1/page1.php”
    and your login script is taking you above your subfolder then HTTP_REFERER refer would take you to:
    “http://www.visitediste/page1.php”. I tested this out and I think I’m correct

  • Mahendra Choudhary

    Hi,it is really marvellous.

  • Sherlin Fernandes

    This is utter waste,nothing it explains about the HTTP_REFFER and nor does it explain how to do it.If i have logged in and has a link to forward.How that link will work exteranally as he has to login.

    Utter waste

  • http://www.atasozlerianlamlari.com atasözleri

    Thanks you but this is doesn’t working.

    Header request hasn’t referer data.

    Can anyone help me please?