Will PHP header() & exit() safely terminate the script before redirecting?

Is the following a safe way to protect a user-only area?

if(!isset($_SESSION['username'])){redirect(SITE_ROOT . 'st_pages/login/');}

      

through:

function redirect($url)
    {
        header('Location: ' . $url);
        exit('<a href="' . $url . '">Redirecting you to: ' . $url . '</a>');
    }

      

+2




3 answers


Yes, it is safe.



Although header() does not terminate anything, exit() does indeed terminate the script. That is the sole purpose of this function.

+4




The redirection part can be done this way and should be secure.



An interesting question is how safe is it to simply validate the username in the session. It depends on what the previous lines of the script are doing.

The second interesting question, of course, is how critical unauthorized access to this area will be and how much work you want to invest in security.
0
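
An added example (not code from the question or the answers) of the guard discussed above: the question's redirect() with the echoed URL escaped, together with the session setup that determines whether the isset() check can be trusted. The value of SITE_ROOT, the HTTPS deployment implied by the secure cookie flag, and the mark_logged_in() helper are assumptions.

```php
<?php
// Added example. SITE_ROOT's value, HTTPS and mark_logged_in() are assumptions.
declare(strict_types=1);

const SITE_ROOT = '/'; // assumed; the question does not show its value

function start_secure_session(): void
{
    // Session data lives on the server; the browser only holds the session id cookie.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    ini_set('session.use_strict_mode', '1'); // refuse ids the server did not issue
    session_start();
}

function redirect(string $url): never // "never" needs PHP 8.1+
{
    header('Location: ' . $url, true, 302);
    // header() only queues the header; exit is what stops the script.
    // The URL is echoed into HTML, so escape it.
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    exit('<a href="' . $safe . '">Redirecting you to: ' . $safe . '</a>');
}

function require_login(): void
{
    if (!isset($_SESSION['username'])) {
        redirect(SITE_ROOT . 'st_pages/login/');
    }
}

// Hypothetical helper: call only after the credentials have been verified.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true); // fresh id at login mitigates session fixation
    $_SESSION['username'] = $username;
}

start_secure_session();
require_login();
// Reached only with a logged-in session, because redirect() never returns.
echo 'Members-only content';
```

Without the exit in redirect(), the members-only output would still be sent in the body of the 302 response, where any client that does not follow the redirect can read it.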




I usually use:

<?php
die(header("Location: page.php"));
?>

      

Whether it is the best thing to do, I am not claiming! Also, as b_i_d said, I personally will not check the session by checking the username, since it is not fully secure ... can sessions not be edited? Typically I would store the username and password (MD5, of course) and then run them against the database to see if an entry exists with those details.

0

