• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

PHP Redirection question

Let's say my page makes an ajax call whose url is some other php script page (let's say process.php).

While inside process.php, I am trying to redirect to the login page, and it just won't work. I checked the Network window of Netbeans, and I see the redirection in the network stream to my login.php, but my browser page isn't changing; instead, the ajax()'s .fail() handler is getting invoked and is passed a "200 OK" . This is so bizarre, the .fail() handler is receiving the 200 OK message, but that's not supposed to be a failure because 200 means successful.

So my question is, does PHP allow redirection from a PHP script file in this context?
0
elepil
Asked:
elepil
  • 6
  • 4
  • 2
1 Solution
 
RobOwner (Aidellio)Commented:
No it won't. Ajax requests cannot redirect the page based on the headers received from your php page.
0
 
RobOwner (Aidellio)Commented:
What you need to do is rethink your strategy about what you're trying to do.  If you need to be logged in to perform that action then have javascript redirect to the login page via the window.location property.
0
 
elepilAuthor Commented:
Rob, thanks for responding!

Bear with me, but is it possible to give me a brief explanation of why a PHP script in this context will not redirect? I'm just trying to understand.

Thanks :)
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

 
RobOwner (Aidellio)Commented:
To keep it simple it is because it is JavaScript (not the browser's engine) doing the request and receiving the response.    Firstly the response is a 200 because the communication between the client and server was all ok.  When the browser gets the header to redirect, it redirects to the given address.  When JavaScript gets that header, it's essentially ignored, if you choose to do something with it then so be it but it's giving you the flexibility to choose what you want to do.
0
 
RobOwner (Aidellio)Commented:
The issue here is it appears that you shouldn't be trying to redirect to the login page from the process.php page.  I try to have separate php pages for ajax requests compared to the actual pages you navigate to.  That would mean that my ajax php pages would never redirect and only send and receive information (usually in JSON).
0
 
elepilAuthor Commented:
Rob,

My plan was to redirect from process.php to the login page only when I detect a security breach with messages so as to confuse a hacker.

You said in your previous post:
When JavaScript gets that header, it's essentially ignored, if you choose to do something with it then so be it but it's giving you the flexibility to choose what you want to do.

Okay, I'd be the first to admit I'm ignorant on this. My PHP redirect deals with the header, i.e., header("Location: someURL"). I also thought headers were handled by browsers, not JavaScript. What's confusing me in this case is why the browser would reject my redirection, and what does JavaScript have to do with this?

Anyway, I'm giving you the points, and if you're too busy to explain, I would understand.

Thanks for your help.
0
 
RobOwner (Aidellio)Commented:
thanks for the points :)

The header is really only a request to whoever's receiving it that you should redirect to the given url.  It doesn't force it to happen, the browser complies with this request because it complies with the standards governing browsers (or we wouldn't use them)

Essentially the browser isn't involved, it facilitates the connection between the JavaScript and the server but isn't involved any further than that.  Different story if the browser was pointed to your "process.php" and it was sent a redirect header.  Sorry it's hard to explain but essentially JavaScript isn't a browser.  It can control the browser to a certain extent in which it's running but it doesn't parse html and display it nor acknowledge html headers.
0
 
elepilAuthor Commented:
I thought I was going through some unique bug happening only in my system. I am glad you confirmed to me that it really won't work this way.

Thanks for help, and your efforts are appreciated as usual. :)
0
 
RobOwner (Aidellio)Commented:
Not a problem and my pleasure.
0
 
Dave BaldwinFixer of ProblemsCommented:
AJAX is based on XMLHttpRequest which is a javascript function and not a browser navigation function.  This page from Mozilla Developer Network has a lot of detail about it:  https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
0
 
elepilAuthor Commented:
Dave, thanks for responding.

I always saw redirection as something that overrides everything, that is, until now. It's like you running a desktop application and Windows Update force restarts your computer, or a running Unix/Linux application's process that was killed by the administrator. In fact, I believe window.location works that way where it could abort and redirect you to wherever you want anytime, regardless of what is going on at the time. I'm just surprised redirecting from PHP does not have the same effect.

Because that was what I was trying to do. At the detection of a security breach, I wanted to kick the application back to a login page, regardless of what was happening at the time. Clearly I have to use a different strategy.
0
 
Dave BaldwinFixer of ProblemsCommented:
"window.location" is written to do that while AJAX / "XMLHttpRequest is not."  If it were my pages, I would just quit on detecting a security breach.  If I were to send them somewhere, it would be an error page (which I actually do on one site) or to Google.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now