Reputation: 9
I have an Auth script at the top of my php/html pages on my website to redirect people when they try to access protected content without being logged in. The issue I am having is that content in the protected area link is unintentionally loaded, and for a flash the information can be seen before the window.location.href redirects the user to the default login page. This creates a security vulnerability where protected info can be seen for a fraction of a second on whatever page they are trying to access from the outside.
Is there a way to make it so the protected content doesn't load until after the auth script is thoroughly executed?
require_once('userSessionAuth.php');
alert("You are not logged in!");
window.location.href="http://example.com/customerlogin.php";
^^All the protected content is listed after these two lines on all my protected pages.
Upvotes: 0
Views: 104
Reputation: 19539
Do the redirect on the server side instead of returning any content to the client:
<?php
// check for auth, if not authenticated then:
// (no output may be sent before this call, or header() will fail)
header('Location: http://example.com/customerlogin.php');
// stop the script here so the protected page body is never sent
exit;
?>
Docs here: http://php.net/manual/en/function.header.php
Upvotes: 3
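A fuller version of the server-side check described in this answer, as an added example that is not the answer's own code. It assumes the include file is named userSessionAuth.php as in the question, and that the login page sets $_SESSION['user_id'] (an assumed session key) on success:

```php
<?php
// userSessionAuth.php (name taken from the question): server-side auth gate.
// Include this as the very first thing on every protected page, before any
// HTML, whitespace or BOM, because header() only works before output starts.
session_start();

// Assumed convention: the login handler stores the user's id in the session.
if (empty($_SESSION['user_id'])) {
    // Remember where the visitor was heading so the login page can send them back.
    $_SESSION['return_to'] = $_SERVER['REQUEST_URI'] ?? '/';

    // 303 makes the browser fetch the login page with GET regardless of the
    // method used for the protected request.
    header('Location: http://example.com/customerlogin.php', true, 303);

    // Essential: without exit, PHP keeps running and appends the protected
    // page body to the redirect response, where a client that ignores the
    // Location header (or a plain curl) can read it.
    exit;
}
// Authenticated: fall through and let the protected page render.
```

A protected page then starts with `<?php require_once __DIR__ . '/userSessionAuth.php'; ?>` followed by its HTML. Because the decision is made before any content is emitted, an unauthenticated request receives only the redirect headers and an empty body, so there is nothing to flash on screen. The JavaScript alert from the question is no longer needed; if a "you are not logged in" message is wanted, the login page can display it itself.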