Is the following a secure way of protecting a user-only area?
if(!isset($_SESSION['username'])){redirect(SITE_ROOT . 'st_pages/login/');}
using:
function redirect($url)
{
header('Location: ' . $url);
exit('<a href="' . $url . '">Redirecting you to: ' . $url . '</a>');
}
Yes, it is secure.
Though header() does not terminate anything, exit() does indeed terminate the script. That's the only purpose of this function.
The redirect part can be done this way and should be secure.
The interesting question would be how secure it is to just check for the username in the session. It depends on what the previous lines of the script do.
The second interesting question is of course, how critical unauthorized access to that area would be and how much work you want to invest into security.
I normally use:
<?php
die(header("Location: page.php"));
?>
Whether or not that's the best thing to do, I make no assertion! Also, as b_i_d said, I personally wouldn't check the session by checking for a username, as it's not entirely secure...can sessions not be edited? Normally, I would store the username and the password (MD5'ed, of course) and then run that against the database to see if a record with those details exists.
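As an added example (not code from any of the posts above), here is the guard from the question together with the "previous lines" the second answer says its security depends on: how the session is started and the single place where `$_SESSION['username']` gets set. The value of `SITE_ROOT`, the functions `login_user()` and `require_login()`, and the use of `password_hash()`/`password_verify()` for the stored credential are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Assumed value; the question uses SITE_ROOT without showing its definition.
const SITE_ROOT = '/';

// The "previous lines": start the session with hardened settings
// before anything reads $_SESSION.
session_start([
    'cookie_httponly' => true,  // session cookie not readable from JavaScript
    'cookie_secure'   => true,  // sent over HTTPS only (disable for plain-HTTP local testing)
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,  // reject session IDs the server did not issue
]);

function redirect(string $url): void
{
    header('Location: ' . $url);
    // header() only queues a response header; exit() is what stops the
    // protected page from being rendered after the redirect is sent.
    $safe = htmlspecialchars($url, ENT_QUOTES);
    exit('<a href="' . $safe . '">Redirecting you to: ' . $safe . '</a>');
}

// Hypothetical login handler: the only code path that sets $_SESSION['username'].
// $storedHash is assumed to have been produced by password_hash() at registration.
function login_user(string $username, string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID on login (prevents fixation)
    $_SESSION['username'] = $username;
    return true;
}

// Guard to call at the top of every protected page.
function require_login(): void
{
    if (!isset($_SESSION['username'])) {
        redirect(SITE_ROOT . 'st_pages/login/');
    }
}

require_login();
echo 'Members-only content for ' . htmlspecialchars($_SESSION['username'], ENT_QUOTES);
```

With PHP's default file-based session handler, the contents of `$_SESSION` are stored on the server and the browser only holds the session ID, so the `isset()` check is as trustworthy as the code that writes the key and the protection of that ID.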