elepil
asked on
PHP Redirection question
Let's say my page makes an ajax call whose url is some other php script page (let's say process.php).
While inside process.php, I am trying to redirect to the login page, and it just won't work. I checked the Network window of Netbeans, and I see the redirection in the network stream to my login.php, but my browser page isn't changing; instead, the ajax()'s .fail() handler is getting invoked and is passed a "200 OK" . This is so bizarre, the .fail() handler is receiving the 200 OK message, but that's not supposed to be a failure because 200 means successful.
So my question is, does PHP allow redirection from a PHP script file in this context?
While inside process.php, I am trying to redirect to the login page, and it just won't work. I checked the Network window of Netbeans, and I see the redirection in the network stream to my login.php, but my browser page isn't changing; instead, the ajax()'s .fail() handler is getting invoked and is passed a "200 OK" . This is so bizarre, the .fail() handler is receiving the 200 OK message, but that's not supposed to be a failure because 200 means successful.
So my question is, does PHP allow redirection from a PHP script file in this context?
Rob
No it won't. Ajax requests cannot redirect the page based on the headers received from your php page.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Rob, thanks for responding!
Bear with me, but is it possible to give me a brief explanation of why a PHP script in this context will not redirect? I'm just trying to understand.
Thanks :)
Bear with me, but is it possible to give me a brief explanation of why a PHP script in this context will not redirect? I'm just trying to understand.
Thanks :)
To keep it simple it is because it is JavaScript (not the browser's engine) doing the request and receiving the response. Firstly the response is a 200 because the communication between the client and server was all ok. When the browser gets the header to redirect, it redirects to the given address. When JavaScript gets that header, it's essentially ignored, if you choose to do something with it then so be it but it's giving you the flexibility to choose what you want to do.
The issue here is it appears that you shouldn't be trying to redirect to the login page from the process.php page. I try to have separate php pages for ajax requests compared to the actual pages you navigate to. That would mean that my ajax php pages would never redirect and only send and receive information (usually in JSON).
ASKER
Rob,
My plan was to redirect from process.php to the login page only when I detect a security breach with messages so as to confuse a hacker.
You said in your previous post:
Okay, I'd be the first to admit I'm ignorant on this. My PHP redirect deals with the header, i.e., header("Location: someURL"). I also thought headers were handled by browsers, not JavaScript. What's confusing me in this case is why the browser would reject my redirection, and what does JavaScript have to do with this?
Anyway, I'm giving you the points, and if you're too busy to explain, I would understand.
Thanks for your help.
My plan was to redirect from process.php to the login page only when I detect a security breach with messages so as to confuse a hacker.
You said in your previous post:
When JavaScript gets that header, it's essentially ignored, if you choose to do something with it then so be it but it's giving you the flexibility to choose what you want to do.
Okay, I'd be the first to admit I'm ignorant on this. My PHP redirect deals with the header, i.e., header("Location: someURL"). I also thought headers were handled by browsers, not JavaScript. What's confusing me in this case is why the browser would reject my redirection, and what does JavaScript have to do with this?
Anyway, I'm giving you the points, and if you're too busy to explain, I would understand.
Thanks for your help.
thanks for the points :)
The header is really only a request to whoever's receiving it that you should redirect to the given url. It doesn't force it to happen, the browser complies with this request because it complies with the standards governing browsers (or we wouldn't use them)
Essentially the browser isn't involved, it facilitates the connection between the JavaScript and the server but isn't involved any further than that. Different story if the browser was pointed to your "process.php" and it was sent a redirect header. Sorry it's hard to explain but essentially JavaScript isn't a browser. It can control the browser to a certain extent in which it's running but it doesn't parse html and display it nor acknowledge html headers.
The header is really only a request to whoever's receiving it that you should redirect to the given url. It doesn't force it to happen, the browser complies with this request because it complies with the standards governing browsers (or we wouldn't use them)
Essentially the browser isn't involved, it facilitates the connection between the JavaScript and the server but isn't involved any further than that. Different story if the browser was pointed to your "process.php" and it was sent a redirect header. Sorry it's hard to explain but essentially JavaScript isn't a browser. It can control the browser to a certain extent in which it's running but it doesn't parse html and display it nor acknowledge html headers.
ASKER
I thought I was going through some unique bug happening only in my system. I am glad you confirmed to me that it really won't work this way.
Thanks for help, and your efforts are appreciated as usual. :)
Thanks for help, and your efforts are appreciated as usual. :)
Not a problem and my pleasure.
AJAX is based on XMLHttpRequest which is a javascript function and not a browser navigation function. This page from Mozilla Developer Network has a lot of detail about it: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
ASKER
Dave, thanks for responding.
I always saw redirection as something that overrides everything, that is, until now. It's like you running a desktop application and Windows Update force restarts your computer, or a running Unix/Linux application's process that was killed by the administrator. In fact, I believe window.location works that way where it could abort and redirect you to wherever you want anytime, regardless of what is going on at the time. I'm just surprised redirecting from PHP does not have the same effect.
Because that was what I was trying to do. At the detection of a security breach, I wanted to kick the application back to a login page, regardless of what was happening at the time. Clearly I have to use a different strategy.
I always saw redirection as something that overrides everything, that is, until now. It's like you running a desktop application and Windows Update force restarts your computer, or a running Unix/Linux application's process that was killed by the administrator. In fact, I believe window.location works that way where it could abort and redirect you to wherever you want anytime, regardless of what is going on at the time. I'm just surprised redirecting from PHP does not have the same effect.
Because that was what I was trying to do. At the detection of a security breach, I wanted to kick the application back to a login page, regardless of what was happening at the time. Clearly I have to use a different strategy.
"window.location" is written to do that while AJAX / "XMLHttpRequest is not." If it were my pages, I would just quit on detecting a security breach. If I were to send them somewhere, it would be an error page (which I actually do on one site) or to Google.