Okay, so I have some code here:
<?php session_start();
if (!isset($_SESSION['blah'])) {
header('Location: foo.php'); exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset = 'utf-8' />
<title>Check Login</title>
</head>
<body>
// members only content here
</body>
</html>
So, I've found a foolproof way around using either headers or exit statements for redirects (by echoing a particular document depending on the value of an if-else statement), but using headers is a lot cleaner than echoing an entire webpage in a heredoc. (I also know I should be using HTTPS for additional security).
I have two questions.
How widespread is browser support for the
Location
header? I know I can't use it on its own by reading similar questions, but I wouldn't mind knowing anyway.Also, how reliable is the use of php's
exit()
function for maintaining system security? Does it always work, or should I just echo a HEREDOC instead when security really matters?