Fork me on GitHub
Its the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA....what now? Ruby?
No Wait.. It should be just RUBY!

20070403

Session redirect in php and asp

These are examples of correct ways to handle access and redirects in sessions in asp(1.0|vbs) & php.. I dont know how may times I see this done wrong..

ASP example

<%
If NOT Session("Authenticated") = 1 Then
Response.Redirect ("login.asp")
'Response.Redirect ("login.asp", true); '<= This is the same as the default
'Exit ' <= This is called with default True statemens as above
End If
%>



PHP Example
<?PHP
if ($_SESSION['access'] != "yes")
{ header(Location:login.php); /* Redirect browser */
exit; /* Make sure that code below does not get executed when we redirect. */
}
//Code Following Should not be executed unless authenticated.
echo ("secure code");
?>


Note: Since PHP 4.4.2 and PHP 5.1.2 this function prevents more than one header
to be sent at once as a protection against header injection attacks.

2 comments:

Anonymous said...

What if $_SESSION['access'] is null? or not set? or is this an assumption?

Anonymous said...

test it and see.. that's the most appropriate way.