simpjd Posted May 11, 2009 Share Posted May 11, 2009 I'm making a web page that has restricted access via a login script. If the user is not logged in I use "header("Location: http://www.example.com");" to redirect the user to another "safe" page. My question is, is this safe? Can the user somehow stop or bypass the header and view the page without logging in for the client side? I would appreciate any help. Jack Quote Link to comment Share on other sites More sharing options...
Ken2k7 Posted May 11, 2009 Share Posted May 11, 2009 Safe enough. Quote Link to comment Share on other sites More sharing options...
allworknoplay Posted May 11, 2009 Share Posted May 11, 2009 I'm making a web page that has restricted access via a login script. If the user is not logged in I use "header("Location: http://www.example.com");" to redirect the user to another "safe" page. My question is, is this safe? Can the user somehow stop or bypass the header and view the page without logging in for the client side? I would appreciate any help. Jack Put an exit after it in order to make sure that nothing gets loaded. header("Location: http://www.example.com"); exit; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.