SuperSpy

Reputation: 1314

Is it safe to use header() to protect/secure a page?

Simple question really. Can I use this to safely shield a page?

user-only-page.php:

if (isLoggedIn() == false) header('Location: login.php'); 

isLoggedIn() returns true or false depending on whether the user is logged in or not.

Upvotes: 1

Views: 69

Answers (1)

user3781087

Reputation: 419

The header command is executed by the browser rather than the server, so using header relies on the user's browser being complicit with your wishes.

When the page is sent to the browser, the content following the header directive is also sent, so the user has access to the remaining content.

With PHP, you can force the script to end using the exit (or die) function. So the following is good practice:

if (isLoggedIn() == false) {
    header('Location: login.php');
    exit;
}

Upvotes: 1
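
The guard from the answer above written as a reusable function, as an added example that is not code from either poster. It assumes a session-based isLoggedIn() (the 'user_id' session key is hypothetical) and also covers the case where output has already started, so header() can no longer send the redirect but exit still stops the page:

```php
<?php
// Added example, not the poster's code. isLoggedIn() is a hypothetical
// session-based stand-in; the 'user_id' session key is an assumption.
declare(strict_types=1);

session_start();

function isLoggedIn(): bool
{
    return isset($_SESSION['user_id']);
}

/**
 * Stop the request unless the visitor is authenticated.
 * The redirect is only a convenience for the browser; exit is what
 * keeps the protected content from being generated and sent.
 */
function requireLogin(string $loginUrl = 'login.php'): void
{
    if (isLoggedIn()) {
        return;
    }
    if (!headers_sent()) {
        // Headers can still be set: send the redirect.
        header('Location: ' . $loginUrl, true, 302);
    } else {
        // Output already started, so no redirect is possible.
        // Fall back to a plain link; the exit below still applies.
        echo '<a href="' . htmlspecialchars($loginUrl, ENT_QUOTES) . '">Log in</a>';
    }
    exit;
}

requireLogin(); // call before any output or protected work

// Reached only when isLoggedIn() returned true.
echo '<h1>Members area</h1>';
```

Requesting the page without a session from a client that does not follow redirects, for example `curl -i`, should show the 302 status and the Location header with an empty body.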
