When to use $_SERVER["REQUEST_URI"] and why?
I had this question after viewing Reverse asset logic not working.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
$_SERVER["REQUEST_URI"] is the current page you are on. In your previous question you had...
$_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];
The question is far too broad for a simple answer.
The server variable in question stores the full request URI for the current page - the uses for this information are varied including but not limited to
- Page Tracking
- Redirection (example after sign on)
- Routing
The server variable in question stores the full request URI for the current page - the uses for this information are varied including but not limited to
- Page Tracking
- Redirection (example after sign on)
- Routing
In the context of this article, the "entry URI" is the web address of the page that was used to enter the web site, whether or not the client is presently logged in. Here's why this matters.
Let's say you have visited the site, logged in, and found an access controlled page that you want to share with a colleague, or that you want to bookmark. The link to that page does not contain your login information; the page remains password protected. So if you send me the link, when I visit the page, the access control routines will see that I do not have the session indicator that I'm logged in. The access control routines will store the entry URI and send my browser to the login page. After the login is successful, the site will redirect the browser back to the entry URI page.
Without this scheme, the client browser does not know where to go after the login is complete. Some sites might send you to the home or "welcome" page, but if that's what you want, why not just bookmark the home page? The point of the design is to preserve the access control environment and at the same time give the client as much control as possible, resulting in a sensible design for both the client and server.
If you've checked the "remember me" box, there is a separate cookie that tells the site that you have already been authenticated, and no separate login is needed until the cookie expires.
Let's say you have visited the site, logged in, and found an access controlled page that you want to share with a colleague, or that you want to bookmark. The link to that page does not contain your login information; the page remains password protected. So if you send me the link, when I visit the page, the access control routines will see that I do not have the session indicator that I'm logged in. The access control routines will store the entry URI and send my browser to the login page. After the login is successful, the site will redirect the browser back to the entry URI page.
Without this scheme, the client browser does not know where to go after the login is complete. Some sites might send you to the home or "welcome" page, but if that's what you want, why not just bookmark the home page? The point of the design is to preserve the access control environment and at the same time give the client as much control as possible, resulting in a sensible design for both the client and server.
If you've checked the "remember me" box, there is a separate cookie that tells the site that you have already been authenticated, and no separate login is needed until the cookie expires.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial