To fix this problem, you must either use a browser that supports "cookies" and enable them, or you will need to find out how to allow the passing of referrer information to the scheduling system. The scheduling system can use either of these methods, but it must have at least one of them. If your browser supports cookies and you have enabled their use, then the system will not check for referrer information. So, while cookies and referrer passing are not directly related, the system was constructed in such a way that the use of cookies will avoid checking referrer information. Consult your browser documentation to find out how to enable the use of "cookies," or the documentation for your security software to pass referrer information and follow the appropriate instructions. You do not have to do both.
Cookies are small information objects that a web server requests your browser to save on your computer. Cookies cannot contain viruses, because they are too small and are never "executed" - just passed back and forth between the server and the browser. Cookies do not send any information to the server except what the server asked them to save, so they do not pose a security risk. Servers only have access to cookies that they have asked your browser to save - cookies from other sites are never visible.
The cookie generated by the scheduling system is just a small integer that identifies you to the scheduling system and a random number generated at the time you log in. That random number is also saved in the database with your other account information. The random number from the cookie must match the random number associated with your login from the database to allow access to the system. That is how the scheduling system rejects "forged" access atttempts. The random number is discarded when you log out, effectively blocking access to the scheduling system from your account until you log in again. That's why I always encourage people to log out of their session when done using the system.
If you choose to pass referrer information through your security software, you will probably need to specify the site to which to allow the passing of referrer information. Note that the "site" part of the URL https://web.trainride.org/crewsched/ is only the web.trainride.org part. If your software wants only the site, use just the web.trainride.org part.
The Norton Internet Security (NIS) and Norton Personal Firewall manuals don't call this by the proper name of "referrer," but rather refer to this by the much too general name "Information about visited sites," which could imply lots of things besides or in addition to the referrer when the referrer is what they really meant. Symantec has a support page that describes how to make the needed change.
Referrer passing is part of the original HTTP design. All web browsers, in accordance with the standards for browser operation and the HTTP protocol, are designed to pass it. The referrer test is a crucial part of the operation of the scheduling system to keep hackers out. Some people have chosen to misuse that referrer information, so some security software has been created that, after the browser has included the referrer information, immediately takes it back out. Many sites don't care about the referrer information, but ours and some others do, which is why there are ways of allowing the referrer information to still be passed.
Once you have reconfigured your security software, or enabled your browser to accept cookies from the scheduling site, you can try again to log in.