I am doing a login page for my application. When a user wants to go to “myaccount.php” but he’s not logged in, he’s redirected to login.php.
When login is successful, I want him to be redirected to $_SERVER['HTTP_REFERER'], which will be various pages of my application.
I read on a forum that $_SERVER['HTTP_REFERER'] can be dangerous.
But what if I create an array like ('myaccount.php', 'mycart.php', etc.) and compare this array to $_SERVER['HTTP_REFERER']? Will this protect me against potential malicious use of this feature?
$_SERVER["HTTP_REFERER"] is not dangerous – it's just attacker-controlled. It won't hurt you unless you trust it for granting extra permissions to someone (e.g. don't assume that someone who just came from successful-login.php has successfully logged in!).
Redirecting a user doesn’t grant any special permissions to the user, so redirecting an attacker to an attacker-controlled string does not compromise your server’s security in any way.
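As an added example (not part of the question or of the answer above), here is one way to implement the allow-list the question proposes, in PHP. The page list, the default page and the helper name are hypothetical; the rest is standard PHP. The Referer header can be absent (browser privacy settings, a direct visit) or can point at another site, so the helper compares only the host and the file name and falls back to a default page instead of redirecting wherever the header says; that also keeps login.php from being usable as an off-site redirector, independent of the permission question the answer addresses.

```php
<?php
// Added example, not from the original question or answer.
// Assumes login.php wants to send a freshly logged-in user back to one of
// the application's own pages, using the (attacker-controlled, possibly
// absent) Referer header only as a hint that is validated against a list.

/** Pages a logged-in user may be sent back to (hypothetical list). */
const ALLOWED_RETURN_PAGES = ['myaccount.php', 'mycart.php', 'orders.php'];
/** Where to go when the Referer is missing, foreign, or not on the list. */
const DEFAULT_RETURN_PAGE = 'myaccount.php';

/**
 * Pick a safe post-login destination.
 *
 * @param string|null $referer raw Referer header value, or null if not sent
 * @param string      $ownHost this site's hostname (e.g. $_SERVER['HTTP_HOST'])
 * @return string              a file name from ALLOWED_RETURN_PAGES, or the default
 */
function safe_return_page(?string $referer, string $ownHost): string
{
    if ($referer === null || $referer === '') {
        return DEFAULT_RETURN_PAGE;      // no Referer at all: nothing to validate
    }

    $parts = parse_url($referer);
    if ($parts === false || empty($parts['host']) || empty($parts['path'])) {
        return DEFAULT_RETURN_PAGE;      // unparsable or relative URL: do not trust it
    }

    // Only our own host is acceptable; "https://evil.example/mycart.php" must fail here.
    if (strcasecmp($parts['host'], $ownHost) !== 0) {
        return DEFAULT_RETURN_PAGE;
    }

    // Compare the exact file name, not a substring, so "mycart.php.evil" or
    // "/other/mycart.php/../x" cannot sneak past the list. parse_url has already
    // split off any query string, so "?item=3" does not reach basename().
    $page = basename($parts['path']);
    return in_array($page, ALLOWED_RETURN_PAGES, true) ? $page : DEFAULT_RETURN_PAGE;
}

// Usage after a successful login (the redirect target is always one of our own pages):
//   header('Location: /' . safe_return_page($_SERVER['HTTP_REFERER'] ?? null, $_SERVER['HTTP_HOST']));
//   exit;

// Constructed inputs for a quick self-check (run with: php this_file.php).
$cases = [
    ['https://shop.example/mycart.php?item=3', 'shop.example', 'mycart.php'],    // allowed page, own host
    ['https://evil.example/mycart.php',        'shop.example', 'myaccount.php'], // foreign host -> default
    ['https://shop.example/admin.php',         'shop.example', 'myaccount.php'], // not on the list -> default
    ['https://shop.example/',                  'shop.example', 'myaccount.php'], // no file name -> default
    [null,                                     'shop.example', 'myaccount.php'], // no Referer -> default
];
foreach ($cases as [$ref, $host, $expected]) {
    $got = safe_return_page($ref, $host);
    printf("%-42s -> %-14s %s\n", $ref ?? '(no Referer)', $got, $got === $expected ? 'ok' : 'MISMATCH');
}
```

Note that $_SERVER['HTTP_HOST'] is itself taken from the request; compare against the hostname you actually serve rather than trusting that header if your server accepts arbitrary Host values. A more robust design than reading the Referer at all is to have myaccount.php redirect to login.php with the intended destination in a parameter and validate that parameter with the same list, since the Referer is frequently stripped by browsers.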