PHP Escape from Frames

Posted on 2009-12-31
Last Modified: 2012-05-08
Hi All,
My application has a function to auto-logout a user after a specified time, The problem is our application works on a "Frameset" and so when a user times out only the main frame is redirected to the login page, And when they login it creates a second frameset within the same window & so on and so forth.

Our method of redirection is "header();" in our PHP code if the $timeout variable is set.

Is there a way to make header(); redirect the entire browser rather than just the one page.

Need a rapid solution if possible :)
Question by:vePortal
    LVL 11

    Accepted Solution

    I'd recommend a JavaScript approach.  Add a frame-buster script to the to your highest-level page (the page with all the framesets).  This way, it would be impossible to have nested frames.

    Author Comment

    Wont work as alot of our users use non-Java enables browsers. There has to be a way of doing this!
    LVL 11

    Expert Comment

    Every individual page inside a frameset is its own page and therefore has it's own individual header, which is what PHP handles.  PHP is impervious to the other pages or even the "parent page".  As var as PHP is concerned, there is only 1 header... my header!

    As far as accessibility issues with JavaScript, I agree... however using framesets also carries its own fare share of accessibility issues (among other pitfalls).  HTML 5 has actually removed the frame, frameset, and noframe element as it is a deprecated practice.

    In other words, if you insist on using frames, you have to compromise, and use the JavaScript frame-buster.

    HTML 5 Absent Elements:
    Why frames are bad:
    CSS-alternatives to frames:

    Author Closing Comment

    Like you said, Not ideal but a sacrifice clients will need to make, I have taken a frame buster approach and perhapse in a future release will remove frames completely from the system.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
    In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to dynamically set the form action using jQuery.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now