Page 1 of 1

Blocking Header Redirects

Posted: Fri Jan 02, 2009 4:02 am
by The_Anomaly
In most of my web apps, there are pages that unauthenticated users can not access. If this conditional fails, then it redirects them with the header('Location: login.php '). or something similar.

How does this work? I mean, is it client side, in that the browser can ignore this redirect, and continue on the site? I mean, if there's a way to block the header redirect, they'd have access to the page.

In the past I've put exit after the header() for this reason, but I've never known how it works. Is it possible to stop an HTTP redirect?

Re: Blocking Header Redirects

Posted: Fri Jan 02, 2009 4:32 am
by arjan.top
it would return:
HTTP/1.1 302 ...
Location: http://www.example.com

the brwoser can ignore it (or any other client, because its client side), that is why you need to stop executing php (exit()) after redirect

Re: Blocking Header Redirects

Posted: Fri Jan 02, 2009 8:42 am
by kaisellgren
arjan.top wrote:it would return:
HTTP/1.1 302 ...
Location: http://www.example.com

the brwoser can ignore it (or any other client, because its client side), that is why you need to stop executing php (exit()) after redirect
Or put them in a block like

Code: Select all

<?php
 
if ($logged)
 {
  // Do things
 }
else
 header('Location: login.php');
 
?>
Common thing that I do is:

Code: Select all

header('Location: login.php');
die('Your browser do not support header redirections. <a href="login.php">Click here to login</a>.');