
IE8 and HTTP_REFERER

I want to allow access to a certain page only from a given page (where the user must enter a password). Entering the URL directly in the URL field of the browser is prohibited.

I wrote the following code:

<?php
// only allow access through front door
$from = getenv("HTTP_REFERER");
if ($from != "http://www.mysite.net/password.php")
    include("http://www.mysite.net/secret_nok_tgpxFC6phBRLw1Wh.php");
else
    include("http://www.mysite.net/secret_ok_tgpxFC6phBRLw1Wh.php");
?>

This works nicely in Firefox, but IE8 opens the page even when the URL is entered in the URL field. How do I solve this? And, is my approach wrong?

TIA

Steven

EDIT:

From the replies I got so far I understand that the proper way to go would be to use (cookie-based) sessions. Can anyone recommend me a good tutorial on the subject? (While php.net contains some examples, it's a reference, not a tutorial.)


Checking the referer is not the best idea. Some proxies might strip it. Using a cookie-based session would be a more 'civilized' approach.


You will need to use Wireshark or Fiddler to inspect the HTTP headers that Internet Explorer is sending. Once you've got that, it's a matter of working backwards with your PHP validation to find a solution that works.

That said, you might have better luck with the superglobal $_SERVER["HTTP_REFERER"].


Use sessions for checking if the user is allowed to enter the protected area. IE is known for not sending the HTTP_REFERER header with some security options turned on. It worked great for IE6, but now it's turned off most of the time.
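The session-based check that the answers recommend in place of the Referer test, as an added example (not code from the question or from any answer). The single-file layout, the `authenticated` session key and the demo password are assumptions; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Constructed demo credential. In practice, store only a hash generated once
// with password_hash() and never keep the plaintext in source.
const DEMO_PASSWORD = 'example-password';

function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is only sent over HTTPS
        'samesite' => 'Lax',  // not sent on cross-site subrequests
    ]);
    session_start();
}

function try_login(string $submitted, string $storedHash): bool
{
    if (!password_verify($submitted, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);        // new session id after login (fixation defence)
    $_SESSION['authenticated'] = true;  // server-side state, unlike the Referer header
    return true;
}

function is_authenticated(): bool
{
    return ($_SESSION['authenticated'] ?? false) === true;
}

start_secure_session();
$storedHash = password_hash(DEMO_PASSWORD, PASSWORD_DEFAULT); // demo only, see above

if ($_SERVER['REQUEST_METHOD'] === 'POST' && is_string($_POST['password'] ?? null)) {
    try_login($_POST['password'], $storedHash);
}

if (is_authenticated()) {
    // Include the protected page from local disk here, ideally from a path
    // outside the web root so it has no URL of its own.
    echo 'protected content';
} else {
    http_response_code(403);
    echo '<form method="post"><input type="password" name="password">'
       . '<button>Enter</button></form>';
}
```

The decision depends only on state the server stored after a successful password check, so it behaves the same whether or not the browser or a proxy sends a Referer header.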
