1

There are many similar question like php - Should I call exit() after calling Location: header? and do i need to use exit after header("Location: http://localhost/...");? in Stack Over Flow.

They have answers like below.

You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect.

--

You should call exit() because a header() won't automatically stop the script from executing - or if it does (I'm honestly not 100% on that), it definitely doesn't stop the script instantly.

But I can't understand that how someone skip or bypass code like header('Location: http://www.example.com/login.php') ? How someone do it? Because this is a PHP code. This code runs in server. If someone can skip/bypass this code why they can't skip/bypass exit() also?

Damith Ruwan
  • 338
  • 5
  • 18
  • 2
    Normally if I want to force redirect, I would do: `die(header('Location: redirect_url'));` because whatever coding below the redirection will be executed. Server processing is faster than redirection. – bugscoder Jun 28 '17 at 05:40
  • it depends upon the structure of the code I guess and how the code is accessed. If someone is using curl to access the code over the interwebs then they might not be following redirects perhaps – Professor Abronsius Jun 28 '17 at 05:40
  • It is not necessary.., but if you use the exit that code below does not get executed when you redirect. – Nawin Jun 28 '17 at 05:42
  • @Nawin It is necessary. It is mus. Read https://stackoverflow.com/a/44794420/7978484. It is hard to believe that as a Lead Php Developer and having 3 year + experience you did not knowing about that. – Damith Ruwan Jun 28 '17 at 08:17

1 Answers1

4

The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.

If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient.

Sumit Kumar
  • 570
  • 6
  • 16