i need to make shure that a script is not called directly and the user came from one specific other script.
whats the best way to do this?
i though about something like this:
in the first file:
Code: Select all
$_SESSION["testvalue"]=session_id()+1;
then on the script i need to be protected:
Code: Select all
if ($_SESSION["testvalue"]!=session_id()+1;){
header(...);
exit;
}
else{
...
}
but if the user visits the first page and then, goes away the variable stills be set... and then if it visits the second page after a while the values i want to fetch from $_POST might not be there anymore.
i think passing the value to check in a session variable is not the idea... any other solutions?