1

Possible Duplicate:
Why I have to call ‘exit’ after redirection through header(‘Location..’) in PHP?

In order to not be able to acces the mainpage.php without loggin in, I start the mainpage.php with following code:

<?php
    session_start();
    if(!isset($_SESSION['name'])){
        header("Refresh: 0; url=hauptseite_slim.php");
    }
?>
<!DOCTYPE html>
...

This does exactly what I want, but, the problem is, it is very ugly, because for a little moment, there mainpage shows up. How can I avoid this effect?

Community
  • 1
  • 1
Valentino Ru
  • 4,964
  • 12
  • 43
  • 78
  • 1
    By not outputting the page. `exit(header(..));` is commonly advised. And a `Location:` might be the better alternative. – mario Jan 07 '13 at 00:13
  • 1
    `header("location:page.php"); exit;` - The exit stops any additional code from loading. – Oliver Tappin Jan 07 '13 at 00:25
  • Just a Note...... This: if(!isset($_SESSION['name'])) Should not be used to check if user is logged in. the Session could be easily highjacked. The user should be re-validated on each page load. – ROY Finley Jan 07 '13 at 00:17
  • How do sites like ebay, facebook, and google keep a user logged in? – Boundless Jan 07 '13 at 00:21
  • By regenerating session id on each page load, calling session values, database values, and browser cookie, running them through a validation Method/Function, and returning value. – ROY Finley Jan 07 '13 at 00:24

2 Answers2

3

why dont you use header("location: hauptseite_slim.php"); ?

this is what i think the best practice :

header("location: hauptseite_slim.php");
exit;
bondythegreat
  • 1,379
  • 11
  • 18
  • Won't hinder the aforementioned page output. Also, answers ought to be more than a [one-liner](http://meta.stackexchange.com/questions/156941/one-liner-answers). If it ends in a question mark, it possibly isn't even. – mario Jan 07 '13 at 00:24
  • it's because i usually use this code to throw to one page, havent used the technique you used above, and havent compared them yet. but yes I agree with other's comments, it should add exit after to make sure the code will be halted after. will edit my answer – bondythegreat Jan 07 '13 at 00:30
-1

if you don't want the html after the if statement to be sent, just return.

 if(!isset($_SESSION['name'])){
        header("Refresh: 0; url=hauptseite_slim.php");
        return;
    }
Boundless
  • 2,444
  • 2
  • 25
  • 40