HTTP_REFERER problem

HTTP_REFERER problem

by Robert Brannan -
Number of replies: 2

I had several people on my Moodle v.1.1 try to sign on yesterday and were unable to get in.  It would go from log in to the first screen, but then when we clicked on a class, it would take us back to the log-in screen.  It never showed us logged in.

Last night, I had my ISP look at it and we decided to back up the SQL and Database stuff and re-install the v.1.2beta and see if we could fix it that way.  Now this morning, the php has been recompiled several times, deleted and re-installed the database, and all to no avail   Here is the error message:

Notice: Undefined index: HTTP_REFERER in /home/rb52/public_html/moodle/login/index.php on line 98

when trying to login to www.elderbob.com/moodle

 
This is line 98 of the index.php file
 
        $SESSION->wantsurl = $_SERVER["HTTP_REFERER"];
Can anyone tell us what we are doing wrong or how to fix this...very frustrated.
sad
elderbob
Average of ratings: -
In reply to Robert Brannan

Re: HTTP_REFERER problem

by Christian Beitzel -

elderbob,

where is the location of your server? with your isp or within your "organisation"? have you been using it within an intranet previously?

Chris

Average of ratings: -
In reply to Robert Brannan

Re: HTTP_REFERER problem

by Jon Bolton -
Picture of Particularly helpful Moodlers Picture of Testers
Elderbob, suspect this problem is related to the 'secureforms' option in Administration -> Configuration -> Variables.

Moodle can use an additional level of security when accepting data from web forms. If this is enabled, then the browser's HTTP_REFERER variable is checked against the current form address. In a very few cases this can cause problems if the user is using a firewall (eg Zonealarm) configured to strip HTTP_REFERER from their web traffic. Symptoms are getting 'stuck' on a form. If your users are having problems with the login page (for example) you might want to disable this setting, although it might leave your site more open to brute-force password attacks. If in doubt, leave this set to 'Yes'.
Average of ratings: -