1

Years ago I struggled with what I believe was a browser bug as header-redirect on post containing multipart/form-data didn't work stable enough.

By habit, I still use JS-redirect when dealing with multipart/form-data, instead of header-redirect. In essence:

echo "<script>document.location = 'receipt.php';</script>";
//instead of
header('Location: receipt.php');

Question: Are there (still) situations when header-redirects should be avoided in favour of JS-redirect (apart from specific functional reasons such as bandwith-checking etc).

UPDATE Ran in to PHP - Set cookie and redirect

Is set-cookie + redirect http compliant or not?

Also under: Why can't I set a cookie and redirect?

Community
  • 1
  • 1
Teson
  • 6,644
  • 8
  • 46
  • 69
  • 1
    Normally, not really. But It's a good fallback if there are already bytes sent and you just cannot set the header anymore. (Normally this shouldn't happen on production) - But never replaced. One JS Error, JS is off or blocked - and your redirect will not work. – CodeBrauer Oct 21 '15 at 07:48

2 Answers2

1

Basically there are three types of redirects

Header-Redirect

Use header-redirect when you dont need to show anything to the user, like a successfull post on a forum, where you redirect him directly to the thread.

Keep in mind that you can only use header-redirect if there has not been sent any output to the client, else it wont work.

JS-Redirect

Use js-redirect if you want to show something to the user, like

your request has been sent, you will be redirected in 3 seconds

in this case your code should look like this:

<script>
    setTimeout(function(){
                  document.location = 'receipt.php';
               }, 3000);
</script

Also, you can use JS-redirect if you have no control about previous code, so you cannot use a header-redirect.

JS-redirect will show up the site in the browser-history

Keep in mind that a JS-redirect will NOT work, if the user has disabled javascript.

HTML-Redirect

3rd option for redirects would be via html-meta-tag:

<meta http-equiv="refresh" content="3; URL=receipt.php">

this will redirect after 3 seconds and will also work if javascript is disabled.

I strongly recommend using header-redirects whenever possible, it's a much better user-experience

Tanuel Mategi
  • 1,253
  • 6
  • 13
1

A Javascript redirect is not HTTP compliant in any way. Any client which only understands HTTP will not be able to follow it. Even clients which do evaluate Javascript will treat it differently than they'd treat an HTTP 3xx status. For example, the redirect page will appear as a regular page in the browser's history, when this may not be desired at all. Search engines will treat the page as a regular page instead of as an interstitial. Further, a 301 Moved Permanently redirect is treated with special rules which cannot be replicated by Javascript.

The only time you would ever use a Javascript redirect is as augmentation to the regular page. E.g., you return some sort of "action successful!" page and invite the user to "click here to return to homepage" or such; on such a page it makes sense to automatically redirect to the homepage after a few seconds. But this is only a convenience addition, it's not the primary or only thing this page does.

deceze
  • 510,633
  • 85
  • 743
  • 889
  • Nice answer, in the times of IOT. – Teson Oct 21 '15 at 11:35
  • please see update on post. You seem to know your way around http (far better than me). – Teson Oct 23 '15 at 11:45
  • Your question is whether cookies on redirects are valid? Yes. As the question/answer you link to states: them not being handled correctly is actually a bug of the browser, it's been officially classified as such. – deceze Oct 23 '15 at 12:09