Solved

When to use $_SERVER["REQUEST_URI"] and why?

Posted on 2016-10-04
3
34 Views
Last Modified: 2016-10-05
I had this question after viewing Reverse asset logic not working.
0
Comment
Question by:Black Sulfur
3 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
Comment Utility
$_SERVER["REQUEST_URI"] is the current page you are on.  In your previous question you had...
$_SESSION["entry_uri"] = $_SERVER["REQUEST_URI"];

Open in new window

which saves the current page in a Session variable.  You could read that value on other pages to see where you started in the current session.  This is useful when you have more than one page that people 'land on'.  I have been using cookies to remember landing pages but that is partly because a number of the pages are just HTML and not PHP.
1
 
LVL 51

Expert Comment

by:Julian Hansen
Comment Utility
The question is far too broad for a simple answer.

The server variable in question stores the full request URI for the current page - the uses for this information are varied including but not limited to

- Page Tracking
- Redirection (example after sign on)
- Routing
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 400 total points
Comment Utility
In the context of this article, the "entry URI" is the web address of the page that was used to enter the web site, whether or not the client is presently logged in.  Here's why this matters.  

Let's say you have visited the site, logged in, and found an access controlled page that you want to share with a colleague, or that you want to bookmark.  The link to that page does not contain your login information; the page remains password protected.  So if you send me the link, when I visit the page, the access control routines will see that I do not have the session indicator that I'm logged in.  The access control routines will store the entry URI and send my browser to the login page.  After the login is successful, the site will redirect the browser back to the entry URI page.  

Without this scheme, the client browser does not know where to go after the login is complete.  Some sites might send you to the home or "welcome" page, but if that's what you want, why not just bookmark the home page?  The point of the design is to preserve the access control environment and at the same time give the client as much control as possible, resulting in a sensible design for both the client and server.

If you've checked the "remember me" box, there is a separate cookie that tells the site that you have already been authenticated, and no separate login is needed until the cookie expires.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now