Request.UrlReferrer null!?

Question

In an aspx C#.NET page (I am running framework v3.5), I need to know where the user came from since they cannot view pages without logging in. If I have page 'A' (the page the user wants to view) redirect to page 'B' (the login page), the Request.UrlReferrer object is null.

Background: If a user isn't logged in, I redirect to the Login page ('B' in this scenario). After login, I would like to return them to the page they were requesting before they were forced to log in.

UPDATE: A nice quick solution seems to be:
//if user not logged in
Response.Redirect("..MyLoginPage.aspx?returnUrl=" + Request.ServerVariables["SCRIPT_NAME"]);
Then, just look at QueryString on login page you forced them to and put the user where they were after successful login.

Answer 1

The problem could be related on how you redirect the user to some other page. Anyways, the referer url is nothing you should take as absolute rule - a client can fake it easily.

Answer 2

What you're looking for is best done with a query string variable (e.g. returnURL or originURL). Referrer is best used for data mining operations as it's very unreliable.

See the way ASP.Net does redirection with logins for an example.

Answer 3

UrlReferrer is based off the HTTP_REFERER header that a browser should send. But, as with all things left up to the client, it's variable.

I know some "security" suites (like Norton's Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I'm sure there's some Firefox extensions to do the same thing.

Bottom line is that you shouldn't trust it. Just append the url to the GET string and redirect based off that.