Relying on redirection?

[sorenchr]

Hi

 

I am currently developing a portal system. When a user is logged in to the system, a number of checks are made on every secure page, making sure that the user is logged in. The checkStatus file, as i've called it, is designed to redirect the user to the logout page (which initiates a logout by itself) when anything seems out of order. The redirection occurs via the Header() function in PHP.

 

So my question is, will a malicious user be able to stop the redirection? Is there a way to make your browser deny redirection?

 

I should add, that i've already taken the precaution of putting an "exit" function, after each redirection.

[JasonLewis]

I wouldn't think it'd be possible to stop a re-direction as it happens server-side, so the user shouldn't be able to control it. Also, the exit would stop them if they did manage to stop the re-direction, but I think you should be safe that it will redirect them.

[sorenchr]

I wouldn't think it'd be possible to stop a re-direction as it happens server-side, so the user shouldn't be able to control it. Also, the exit would stop them if they did manage to stop the re-direction, but I think you should be safe that it will redirect them.

 

Alright, thanks.

[genericnumber1]

Yes, it's perfectly possible to have your browser ignore the redirect header. As for the exit? As projectfear said, it's server side, and there's nothing they can do about that... they'll just see a blank page if their browser denies the redirect.