In my application, all URLs are a PHP scriptlet that looks like this:
<?php echo Constants::URL_LOGIN ?>
I left my browser on a page in my application for days, and when I tried to click a link, the URL on the browser looked like: /public/<?php echo Constants::URL_LOGIN?>. Needless to day, that won't work and caused an ugly and ungraceful error message on the page (something like Access Forbidden, which is insignificant because I know the URL is messed up).
First of all, I'm puzzled because the value in that scriptlet is not in the Session. So even if the session had expired, why would that be affected?
Secondly, this type of outcome is not acceptable in my application. If the session expires, I would want it to go to my login.php page.
Can someone please explain to me this seemingly anomalous behavior, and please provide me a way to get around this gracefully so that I can cleanly bring my application to my login.php without displaying the browser's ugly nasty error message?