I've been tasked to make a new login page that forces clients to touch the home page first each time they visit. It was recommended to me to try out HTTP_REFERER, to check where the client was coming from. My first pass on the page looked something like this...
<body>
<?PHP
if($_SERVER['HTTP_REFERER'] != "https://www.homepage.com/"){
header('Location: https://www.homepage.com/');
exit;
} else { ?>
//html code for login page
</body>
<?PHP } ?>
The issue I keep running into, is that... when clicking the 'login' button on the home page to enter this new login page, the new login page will seemingly run the header portion of code, and boot back to the homepage on each FIRST attempted. Clicking 'login' button a second time on the homepage won't boot back, and will instead load the page as expected. If I clear the site data from my browser (Chrome), and click login, it will boot back the first time again.
Since it didn't seem to effect people using Safari, I speculated that maybe it's Chrome loading the page before the HTTP_REFERER was setup. So I included a line of sleep(3);. This didn't help at all.
I then speculated that maybe it's HTTP_REFERER's fault, and I have since switched over to using a SESSION variable instead for the job. No good, same issue.
The last thing I tried was reorganizing the if statement to have the fail state second in order on the page. Perhaps as expected, this didn't matter either.
I feel like I must be missing something, and would appreciate any insight. Thank You.
