[Webtest] CGI variables in WebTest

[Jon Gunnip]

Terry,

Thanks for the comment.  I'll give you a couple more details about my
app to explain how the referrer is alway required - even in the case of
an application page being bookmarked.  

I'm using ColdFusion where there is a tag called <cflocation> that does
a client-side redirect - i.e. induces the client to do a get of a new
URL.  This is how some basic application control processing is handled.

In my application, if a user bookmarked the post-login page, they would
get kicked back to the login page when they used the bookmark.  The
login process would then kick off a redirect back to the bookmarked
application page after a successful login occurred (at which point the
referrer would be checked to make sure the redirect came from the login
app and not untrusted source).  

Thus, I'm counting on alway knowing where the user entered the app from.

Jon

>>> terry@net-frame.com 03/20/04 4:52 PM >>>
Jon,

My experience is that, while most requests from other pages do set the
"referer" parameter, when the user comes to you from a bookmark,
"referer"
will be blank.  So, the usefulness of this parameter depends to some
extent
on how many users reach you via a bookmark.

Regards,

Terry

----- Original Message -----
From: "Jon Gunnip" <Jon.Gunnip@hsc.utah.edu>
To: <webtest@lists.canoo.com>
Sent: Saturday, March 20, 2004 12:56 PM
Subject: Re: [Webtest] CGI variables in WebTest


> Marc,
>
> Thanks for the reply.  It looks like I should look into whether or not
> httpunit can be configured or extended to include the Referrer on
get's.
>  I have temporarily disabled the referrer check in my development
> environment as a temporary fix.
>
> I believe most browsers do pass the Referrer in the sequence I
outlined.
>  For about a year in production, we have had a central login system
that
> relies on browsers working this way, and we have had no complaints
about
> it not working.
>
> Thanks again,
> Jon
>
>
>
> >>> mguillemot@yahoo.fr 03/20/04 9:51 AM >>>
> Hi Jon,
>
> It seems to me that it is an httpunit issue.
> Concerning the sequence: are you sure that the browsers of your
visitors
> will really send the Referrer header? I can
> imagine that some browsers can be configured to disable sending this
> information for privacy reasons.
>
> Marc.
>
> Jon Gunnip wrote:
> > Hello,
> >
> > I'm wondering if there is a way to get WebTest to set CGI variables
> > like HTTP_REFERRER when doing a GET?
> >
> > Looking at my webserver log, it will only set HTTP_REFERRER when it
> > does a post.  Browsers will set HTTP_REFERRER when doing a get.
> >
> > This is my sequence:
> > POST of Login form leads to client-side redirect (GET) to User home
> > page.  The user home page checks HTTP_REFERRER to make sure the user
> > came from our login site.  Since WebTest's HTTP_REFERRER is blank,
the
> > redirect fails and the user is sent back to the login page.
> >
> > Thanks,
> > Jon
> > _______________________________________________
> > WebTest mailing list
> > WebTest@lists.canoo.com
> > http://lists.canoo.com/mailman/listinfo/webtest
> >
>
>
> _______________________________________________
> WebTest mailing list
> WebTest@lists.canoo.com
> http://lists.canoo.com/mailman/listinfo/webtest
>
> _______________________________________________
> WebTest mailing list
> WebTest@lists.canoo.com
> http://lists.canoo.com/mailman/listinfo/webtest
>

_______________________________________________
WebTest mailing list
WebTest@lists.canoo.com
http://lists.canoo.com/mailman/listinfo/webtest