Header Redirect Question

[The Little Guy]

Using the php header function, and doing a redirect, like this:

 

header("Location: special.php");

 

Then in the file special.php, you do some session settings, but don't display anything on the page, then instantly redirect to another page, will any browser be able to detect that you went to special.php, and the get values that were passed to special.php?

[revraz]

Well since you are going to that page, why wouldn't it?

[The Little Guy]

Well, I was thinking that maybe it was an internal on the server redirect, since no data was being outputted.

[akitchin]

anything you put on the special.php page will be processed (up to your header() command).  provided you unset() the $_SESSION variables you set in special.php on every other page, you should be able to use those session variables as a sign that the person has just left special.php.

[revraz]

I think he's worried about the user's browser's history showing the page name.

[The Little Guy]

anything you put on the special.php page will be processed (up to your header() command).  provided you unset() the $_SESSION variables you set in special.php on every other page, you should be able to use those session variables as a sign that the person has just left special.php.

 

umm... not sure if that answers my question or not, or is even related.

 

basically I have this form, they fill it out, the form posts back to its self so your on index.php, and you fill out the form, index.php will take that, gather all the info from the fields place them into a get, and send them like so:

 

header("Location: process/special.php?field1={$_POST['field1']}&field2={$_POST['field2']}");

 

It next goes to special.php, takes those get values saves them as a session, then goes to an error page, or a success page.

 

Since process/special.php had NO output, it doesn't show up in the Firefox or internet explorer history, so does that mean that Firefox or IE had no clue that my script went to special.php? If that is the case, will all browsers not be able to detect special.php?

 

Basically I wan't to hide my "process" directory from users as best I can.

[akitchin]

sorry, i totally misunderstood the question.  a shrewd user will be able to detect this file was accessed, since they'll see two physical redirects.  whether or not they'll be able to spot which file was accessed is another matter.  if FF or IE don't record it in their history, it's simply because they couldn't log it fast enough, even though that sounds fishy.  one thing you could do to make sure they don't know it is to include() the file within the master, if that's a possibility for you.

 

including it could also allow you to pop your process directory above the webroot, where no one can access files directly.

[The Little Guy]

that sounds like a good idea.