0

I have a private web page that one can visit if the user in logged in. I can, of course, check if the session is set or simply if the user is logged in. If yes, let the page execute and show the output. If not, take the user to the login page.

But how can exclude request from a specific external domain to this private page. In other words, How can I make this private page as a public page to the user if that user is coming from this one specific external domain?

Is there any way I can find out where the request is coming from or what IP etc? So i can exclude the condition if the user is logged in.

Any suggestions?

Shaonline
  • 1,597
  • 6
  • 18
  • 36
  • what http server are you using? – E LaRoche Mar 16 '17 at 20:20
  • Apache/2.4.16 (Amazon) – Shaonline Mar 20 '17 at 09:44
  • http servers typically make certain information available to you. The specifics depend on the server and programming language. Here is an example of this with php http://stackoverflow.com/questions/3003145/how-to-get-the-client-ip-address-in-php – E LaRoche Mar 20 '17 at 13:04
  • if abc.com has a link to a page on my domain (xyz.com). How would I know if it is coming from abc.com?? While debugging... I couldn't find $_SERVER['REMOTE_HOST'] and i don't think $_SERVER['REMOTE_ADD'] is something i am looking for. – Shaonline Mar 21 '17 at 10:58
  • there is an HTTP header called 'Referer' that would have that information. – E LaRoche Mar 21 '17 at 16:00

0 Answers0