itgMan said:
thank you John,
here is what i really want,
i dont want the user to surfe and go through my web application by editing
the URL in the address bar,
so i wonder if i can know that he has edited the URL,
this will help me to display a warning message telling the user not to
change it,
so is there an event in the javascript that i can use,
or is there a defferent in the HTTP header that i can use..
i have used the following method :
the HTTP_REFERER is always empty when the user navigate using the address
bar,
but this did'nt help me because its also empty when a page is opened as a
popup window..
im trying to solve the problem in a diferrent manner..
Sorry, the answer is, "you can't".
The user's address bar belongs to - the user, not to you. If you want that
kind of control over the application the user uses to access your
application, then you need to write one yourself and then somehow make sure
the user doesn't use somebody else's application.
But that's not how the Internet works, so you'll be wasting your time to try
to solve this problem. Instead, you should make sure that this problem isn't
a "problem" for you. Make sure that the user (or better still, the Hacker)
can use any URL they like without compromising the security of your
application. If you can't do that, then you need for your application to not
be on the Internet at all.
And BTW, you can't stop them from using the BACK button or from pressing
Refresh or clicking the Submit button more than once.
John Saunders
