I had written java code for information sent and received for the server in bytes.The issues is how do i differentiate a HTTP Request submitted from a HTML form and a HTTP Request submitted from user. we are trying through refer in HTTP headers, but for the first request the referrer is null. hence this option is not feasible. is there any other API/other approach? Please let me know with a sample code... thanks, Ps
views:
276answers:
5
A:
Here's the algorithm at a high level:
- When generating the HTML form, generate a random number/String/GUID and embed it in the form as a hidden input. Store this random value server-side (in application context, in a LinkedHashMap so you can set a maximum size/MRU cache, in some sort of cache solution, etc.)
- When processing the form request, check for the presence of this random token.
- If the request contains the random token, then
source = HTML form - Else,
source = human
- If the request contains the random token, then
You could also set cookies when sending the original HTML form, check for their presence on the postback; put some data in the Session object, etc; these are all variants on the same idea.
matt b
2009-03-04 04:59:55
i will give a detail view of the issue, i had written a proxy which will monitor all incoming and out going http requests from my pc on a specific port.am able to get all the data sent and received bytes (Like http watch tool), but i want differentiate a HTTP Request submitted from a HTML
2009-03-04 05:42:27
form and a HTTP Request submitted from user. is there any way.. this is nothing to do with any html or servlet on an application. i had written a java proxy and my proxy needs to identify Request submitted from a HTML form and a HTTP Request submitted from user
2009-03-04 05:43:22
A:
thanks matt for replying, i will give a detail view of the issue, i had written a proxy which will monitor all incoming and out going http requests from my pc on a specific port.am able to get all the data sent and received bytes (Like http watch tool), but i want differentiate a HTTP Request submitted from a HTML form and a HTTP Request submitted from user. is there any way.. this is nothing to do with any html or servlet on an application. i had written a java proxy and my proxy needs to identify Request submitted from a HTML form and a HTTP Request submitted from user.
Perhaps knowing why you wish to be able to do this would help answer the question better?
matt b
2009-03-04 05:20:29
+2
A:
I understand the problem better now. The simple answer is no. The more complex answer is kind of, the best you can do is make an informed guess.
If the request does not have a Referrer header([1]) then this might mean the user went to the URL directly (via typing it in to the address bar, or selecting a bookmark for instance). The problem here is that you're not guaranteed to receive that header, so you have to hope the browser is behaving.
Next, if the request type is a POST and the mime type is "application/x-www-form-urlencoded" or "multipart/form-data" then that is usually a form submission, i.e. a user has clicked submit, or similar.([2])
It is not (usually) possible for users using a browser to issue POST requests directly.
So that's a couple of basic rules to help you make a best guess, but there are so many things on the browser side that can mess with this logic I honestly don't think you'll find something that'll help you accurately.
brindy
2009-03-04 05:19:55
A:
If this is for security reasons, then this is not possible. Anything the browsers sends to you, can also be send by the user.
But unclear is what you mean by send by the user.
Ikke
2009-03-04 10:38:20
A:
Like Brindy said. Check the method, if its post check the mime type. It is as accurate as you are going to get. Unless the user is a professional he will not know how to fake a form submission, and most apps that use post to communicate that are not browsers will specify a different mime type.
Sruly
2009-03-04 11:35:13