My actual implementation of this is much more complicated, with authentication and a bunch of other stuff, but at the simplest form, here’s the problem I’m having. Redirecting with header doesn’t reveal itself as a referer.
So, let’s say I have three pages: start.php, middle.php and end.php
start.php
<html><body>
<a href="middle.php">middle</a>
</body></html>
middle.php
<?php
header('Location: end.php');
?>
end.php
<?php
echo 'The referer is: ' . $_SERVER['HTTP_REFERER'];
?>
When you follow the link, you end up at end.php, but the referer is not middle.php. Is there any other redirection method I can use to correct this, or anything else I can do?
Cheers
EDIT
In this case, the destination page is a third party vendor. The only method they have to validate is from refering URL. I have no control over that. I just need my page that does the redirect to send the proper URL. Are there any alternatives to this redirection method, rather than picking apart the reasons not to trust http_referer?
I went with the old meta refresh method of redirection. This keeps the referring URL in tact for the vendors that require it. Any vendor that doesn’t require it still uses the header function, for speed and ease of use.