I need to count number of hits of a url being hit from a page but for that I need to detect if url is being hit from page or simply copy pasted.
Can anyone suggest me what to choose among methods:
1. Using $_SERVER['HTTP_REFERER']
2. Using sessions
3. IP matching
分享 $_SERVER['HTTP_REFERER'] seems to be the natural choice, however, the php docs at http://php.net/manual/en/reserved.variables.server.php have some intersting stuff to say:
'HTTP_REFERER' The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
A more reliable method would be to encode some data dynamically into the URL when it is clicked on the page, like the current UTC datetime. Then server side check if the received timestamp is within 1 or 2 seconds of the current time. If there is a copy and paste, either there will not be a timestamp, or the timestamp will be wrong.
It is possible that the client will have the wrong time, but unlikely nowadays. To be extra extra sure, you would need to send a timestamp from the server and use this as a base for generating your datetime.
Following comments:
agree, timestamps can be subject to network fluctuations. How about encoding some data in a once-time-only cookie (ie expires immediately) with Javascript (which the server can verify). You can't copy and paste a cookie!
分享
