在php上仅重定向未登录用户是否安全?
[英]Is it safe to only redirect non logged users on php?
问题描述
I'm creating a little website and i'm wondering since i had some lessons on http headers if it's safe to use such a logging algorithm : 
我正在创建一个小网站,我想知道自从我在HTTP标头上获得了一些教训后,是否可以安全地使用这样的日志记录算法:
if(! isset($_SESSION["user"]) { header("location : logout.php"); } // and here i start my web page if the conditin above is not satisfied <html> ........
i think it's not because the redirection can be ignored by a web client isn't it ? 我认为不是因为Web客户端可以忽略重定向,不是吗?
2 个解决方案
解决方案1
4 2016-04-21 19:22:47
it is "safe" when you exit after the redirect - in case the redirect doesn't work: 当您在重定向后退出时,它是“安全的”-以防重定向不起作用:
if(! isset($_SESSION["user"]) {
header("location : logout.php");
exit("you are not authorized!");
}
// and here i start my web page if the conditin above is not satisfied
<html> ........
解决方案2
1 已采纳 2016-04-21 20:00:47
Its even better to add an 'else' statement just to prevent bugs from trolling you :) 最好添加一个'else'语句,以防止bug欺骗您:)
if(!isset($_SESSION["user"]) {
header("location : logout.php");
exit("you are not authorized!");
} else { ?>
<html>...</html>
<?php } ?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
PHP重定向用户(如果未登录) - PHP redirect users if not logged in
WordPress 将非登录用户的页面重定向限制为使用 PHP 登录页面 - WordPress restricted page redirect for non logged users to login page with PHP
将登录用户重定向到特定的PHP页面 - Redirect logged in users to a specific PHP page
在Yii / PHP中跟踪未登录的用户 - Tracking non logged-in users in Yii/PHP
如何停用特定页面上未登录用户的重定向? - How to deactivate redirect for non-logged in users on specific pages?
我如何重定向未登录的用户Wordpress - How do i redirect non logged in users Wordpress
如何将未登录的用户重定向到 Wordpress 上的登录页面? - How to redirect non logged in users to Login page on Wordpress?
PHP外部JS仅适用于已登录的用户 - php external js only for logged in users
受限页面 - 仅对登录用户可见 - PHP - Restricted pages - Only visible to logged in users - PHP
php允许仅登录用户访问页面 - php allow access to pages to only logged in users
相关标签