douhuang75397
douhuang75397
采纳率0%
2016-10-29 14:21

阻止NoRedirect的可能方法

已采纳

is there any possible way to block or reject the NoRedirect from redirecting your site to index?

because I have this php code checking if the user is logged in

if(!isset($_SESSION['user'])){
    header('Location: index.php');
}

but the problem is, if the hacker blocked the redirect link of my site then he/she can access the pages even he/she didn't login to the site.

Any possible way to prevent this?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dqayok7935 dqayok7935 5年前

    You can end execution of your php code after sending the Location header. For example:

    if(!isset($_SESSION['user'])){
        header('Location: index.php');
        die();
    }
    

    If the hacker blocks the redirect then he will see a blank page.

    点赞 评论 复制链接分享