Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

PHP Escape from Frames

Posted on 2009-12-31
4
Medium Priority
?
283 Views
Last Modified: 2012-05-08
Hi All,
My application has a function to auto-logout a user after a specified time, The problem is our application works on a "Frameset" and so when a user times out only the main frame is redirected to the login page, And when they login it creates a second frameset within the same window & so on and so forth.

Our method of redirection is "header();" in our PHP code if the $timeout variable is set.

Is there a way to make header(); redirect the entire browser rather than just the one page.

Need a rapid solution if possible :)
0
Comment
Question by:vePortal
  • 2
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
asafadis earned 2000 total points
ID: 26157168
I'd recommend a JavaScript approach.  Add a frame-buster script to the to your highest-level page (the page with all the framesets).  This way, it would be impossible to have nested frames.
0
 

Author Comment

by:vePortal
ID: 26157868
Wont work as alot of our users use non-Java enables browsers. There has to be a way of doing this!
0
 
LVL 11

Expert Comment

by:asafadis
ID: 26158355
Every individual page inside a frameset is its own page and therefore has it's own individual header, which is what PHP handles.  PHP is impervious to the other pages or even the "parent page".  As var as PHP is concerned, there is only 1 header... my header!

As far as accessibility issues with JavaScript, I agree... however using framesets also carries its own fare share of accessibility issues (among other pitfalls).  HTML 5 has actually removed the frame, frameset, and noframe element as it is a deprecated practice.

In other words, if you insist on using frames, you have to compromise, and use the JavaScript frame-buster.


HTML 5 Absent Elements:
Why frames are bad:
CSS-alternatives to frames:
0
 

Author Closing Comment

by:vePortal
ID: 31671720
Like you said, Not ideal but a sacrifice clients will need to make, I have taken a frame buster approach and perhapse in a future release will remove frames completely from the system.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question