
Are commands executed after the "header()" function in PHP?

Developer https://www.devze.com 2023-01-19 06:59 Source: Internet
For example, here:

<?php
    session_start();

    if (!isset($_SESSION['is_logged_in'])) {
        header("Location: login.php");
        die();
    }
?>
<Some HTML content>

Is die() really necessary here?


Is die() really necessary here?

It is: Otherwise, the client will still get the HTML code in the response body. The header asks the client to terminate and go to the new page, but it can't force it.

The client can always continue listening to the response, and receive everything output afterwards, which is a fatal security hole e.g. when protecting sensitive data in a login area.


Yes, die() is necessary. A call to header("Location: some-location.php") sends the specified header (a 302 redirect in this case) to the browser; but it DOES NOT terminate the script. It becomes more important if the lines after the redirect statement contain PHP code which may execute unintentionally. So if you want to send the redirect header and abort any further processing, you must call die, exit, return or any other similar construct.

Note that it is possible to perform further processing after sending the redirect header.


Yes. Simply generating a header, even the Location header, does not terminate the current script. The HTML output will be visible in e.g. a packet sniffer.


I found that: http://www.figured-it-out.com/figured-out.php?sid=181

So according to this it seems that some browsers just stop receiving the HTML content and redirect directly to the new page, where other browsers like IE still wait until the loading of the page is ready.
