What Causes A Redirect Loop?

Here are my pages:

Redirect Page: if user has an open session, redirect to the proper resource else redirect to login page

Login Page: if user login info is valid, redirect to $_SERVER['HTTP_REFERER'] else display login page

When you visit the redirect page, it sees that you do not have a valid session and redirects to the login page. You can then log in with no problems, but after authentication I receive the "This webpage has a redirect loop." page in Chrome.

It's not a true loop, since there are several ways out (i.e. provide valid login details and go to destination resource, provide invalid login and receive error message, etc). But I can see the browser's confusion (going from a to b to a again).

Any ideas how I can solve this problem?

Cheers

$_SERVER['HTTP_REFERER'] will always be the login page since you have to load the login page right before you successfully login. So once you successfully login, the referrer is the login page, so the login page redirects you to the login page, which you still successfully logged in, so it logs you in over and over.

Rather than relying on $_SERVER['HTTP_REFERER'] you should probably store the page they are trying to get to in either a $_SESSION or $_COOKIE variable. Most likely session will be better, depending upon your setup.

After submitting your login details, $_SERVER['HTTP_REFERER'] is going to be the URL of your login page, since the last page the user saw was the form for them to login.

Consider storing the 'redirect to' URL in the PHP Session before you redirect to the login page. You could also pass it as a parameter when you redirect to the login page, but I can see that approach having potential security flaws (such as redirecting users to another site, adding fake HTTP headers etc).
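An added example, not part of the original answers: one way to keep the post-login target in the PHP session, as the two answers above suggest, while rejecting off-site targets and the login page itself. The paths, the session keys (`user_id`, `return_to`) and the function names are assumptions, and `session_start()` is assumed to have run already.

```php
<?php
declare(strict_types=1);
// Added example. Paths, session keys and function names are assumptions.
const LOGIN_PATH   = '/login.php';  // assumed login page
const DEFAULT_PATH = '/index.php';  // assumed fallback resource

/** Return $target only if it is a local path that is not the login page. */
function safe_target(?string $target): string
{
    if ($target === null || $target === '') {
        return DEFAULT_PATH;
    }
    // Reject control characters (header injection) and backslashes, and require
    // a single leading slash: "//host" and "http://host" would leave the site.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target) || !preg_match('#^/(?!/)#', $target)) {
        return DEFAULT_PATH;
    }
    // Sending the user back to the login page is the loop from the question.
    $path = parse_url($target, PHP_URL_PATH);
    if (!is_string($path) || $path === LOGIN_PATH) {
        return DEFAULT_PATH;
    }
    return $target;
}

/** Protected page: remember the requested URL, then send the visitor to login. */
function require_login(): void
{
    if (empty($_SESSION['user_id'])) {
        $_SESSION['return_to'] = safe_target($_SERVER['REQUEST_URI'] ?? null);
        header('Location: ' . LOGIN_PATH, true, 302);
        exit;
    }
}

/** Login page: call once the submitted credentials have been verified. */
function finish_login(int $userId): void
{
    session_regenerate_id(true);  // new session ID after authentication
    $_SESSION['user_id'] = $userId;
    $target = safe_target($_SESSION['return_to'] ?? null);
    unset($_SESSION['return_to']);
    header('Location: ' . $target, true, 303);
    exit;
}
```

The same `safe_target()` check applies unchanged if the target is passed as a query parameter instead of being stored in the session.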

My guess is:

If the user has a session, but not a valid one (e.g.: the session hash does not match), it gets redirected to the login page (since he has a session). But when he gets there, you check if he has a session, and he does (but it's not valid), so you redirect him to the index resource. There, you check if the session is valid, but it's not. So you redirect him to the login page. And so on...

How to fix it? Check for session validity (not only for existence) in both the login page and the other resources.

And of course, if the HTTP_REFERER is login, ignore it and forward to the index resource.

You should always check that the $_SERVER['HTTP_REFERER'] variable contains valid data, as it is not to be trusted since user agents provide this value.

From the php.net manual:

 The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted. 

You could have your login page do the redirect in one step (without redirecting back to the "redirect page").
