In most of my web apps, there are pages that unauthenticated users can not access. If this conditional fails, then it redirects them with the header('Location: login.php '). or something similar.
How does this work? I mean, is it client side, in that the browser can ignore this redirect, and continue on the site? I mean, if there's a way to block the header redirect, they'd have access to the page.
In the past I've put exit after the header() for this reason, but I've never known how it works. Is it possible to stop an HTTP redirect?
Blocking Header Redirects
Moderator: General Moderators
- The_Anomaly
- Forum Contributor
- Posts: 196
- Joined: Fri Aug 08, 2008 4:56 pm
- Location: Tirana, Albania
Re: Blocking Header Redirects
it would return:
HTTP/1.1 302 ...
Location: http://www.example.com
the brwoser can ignore it (or any other client, because its client side), that is why you need to stop executing php (exit()) after redirect
HTTP/1.1 302 ...
Location: http://www.example.com
the brwoser can ignore it (or any other client, because its client side), that is why you need to stop executing php (exit()) after redirect
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Blocking Header Redirects
Or put them in a block likearjan.top wrote:it would return:
HTTP/1.1 302 ...
Location: http://www.example.com
the brwoser can ignore it (or any other client, because its client side), that is why you need to stop executing php (exit()) after redirect
Code: Select all
<?php
if ($logged)
{
// Do things
}
else
header('Location: login.php');
?>Code: Select all
header('Location: login.php');
die('Your browser do not support header redirections. <a href="login.php">Click here to login</a>.');