Is it safe to only redirect non-logged users in PHP?
I'm creating a little website and I'm wondering, since I had some lessons on HTTP headers, if it's safe to use such a logging algorithm:
if (!isset($_SESSION["user"])) {
    header("Location: logout.php");
}
// and here I start my web page if the condition above is not satisfied
<html> ........
I think it's not, because the redirection can be ignored by a web client, isn't it?
It is "safe" when you exit after the redirect - in case the redirect doesn't work:
if (!isset($_SESSION["user"])) {
    header("Location: logout.php");
    // stop the script so nothing below is sent along with the redirect
    exit("you are not authorized!");
}
// and here I start my web page if the condition above is not satisfied
<html> ........
It's even better to add an 'else' statement just to prevent bugs from trolling you :)
if (!isset($_SESSION["user"])) {
    header("Location: logout.php");
    exit("you are not authorized!");
} else { ?>
<html>...</html>
<?php } ?>
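What a client that ignores the redirect actually receives in each case, as an added example that is not part of the original question or answers: a small Python stand-in server mimics the PHP script with and without `exit`, and a client that does not follow redirects checks whether the protected markup is in the 302 response. The paths `/no_exit.php` and `/with_exit.php` and the page content are constructed for this demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = b"<html>members-only page</html>"  # constructed sample content
DENIED = b"you are not authorized!"         # text passed to exit() in the answers


class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in for the PHP script; no request here is logged in."""

    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", "/logout.php")
        # /no_exit.php: header() without exit, so the page is still rendered.
        # /with_exit.php: header() then exit(), so only the exit text is sent.
        body = SECRET if self.path == "/no_exit.php" else DENIED
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def check(path):
    """Fetch path without following the redirect; return (status, page_leaked)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
    try:
        conn.request("GET", path)  # http.client never follows redirects
        resp = conn.getresponse()
        return resp.status, SECRET in resp.read()
    finally:
        conn.close()
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(check("/no_exit.php"))    # the 302 response still carries the page
    print(check("/with_exit.php"))  # the 302 response carries only the exit text
```

The same check works as a regression test against a real deployment: request each protected URL without a session and assert that the redirect response contains none of the page's markup.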