This is a true story, the names have been omitted to protect the innocent.
One of our client’s websites uses referring URL authentication only to allow members only to access a subscription service website that we have no control over. Using referring URL authentication is mandated BY that subscription service.
It ran fine, until all of a sudden, it didn’t run fine for some folks, but only some folks.
Turns out that Google, in the latest version of the Chrome browser, changed that browser so that referring URL authentication will only work if the end user’s browser security settings are configured in a particular way. The browser security setting may be set by the end user, or if they are on an organization’s network, it may be set by the organization. But in order for it to work, it has to be set differently than the default setting.
Client contacted us wondering why our site wasn’t working for some of their members. Fair question, so we looked into it. We contacted the vendor, they let us know the issue. We checked with Google, and the description was accurate. We checked the new setting that a Chrome user would have to make in their browser, and it does indeed fix the issue.
Sadly, beyond providing this information to the client and recommending that it also be made to their membership, we can’t do anything about this. This is sometimes how the web works. A browser changes. It impacts a web service that is connected to, but not hosted by, a domained website. It all flowed downhill, and there’s nothing that can be done from the website’s level to correct it. But often, the website maintenance professional will make the diagnosis.
So, just a reminder: Not all website “problems” are actually problems of the making – or the fixing – of the actual website.