
There are many similar questions on Stack Overflow, like "php - Should I call exit() after calling Location: header?" and "do i need to use exit after header("Location: http://localhost/...");?".

They have answers like the ones below.

You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect.

--

You should call exit() because a header() won't automatically stop the script from executing - or if it does (I'm honestly not 100% on that), it definitely doesn't stop the script instantly.

But I can't understand how someone can skip or bypass code like header('Location: http://www.example.com/login.php'). How would someone do it? This is PHP code, and it runs on the server. If someone can skip/bypass this code, why can't they skip/bypass exit() as well?

  • Normally, if I want to force a redirect, I would do: die(header('Location: redirect_url')); because whatever code is below the redirection will be executed. Server processing is faster than redirection. Commented Jun 28, 2017 at 5:40
  • It depends upon the structure of the code, I guess, and how the code is accessed. If someone is using curl to access the code over the interwebs, then they might not be following redirects, perhaps. Commented Jun 28, 2017 at 5:40
  • It is not necessary, but if you use exit, the code below does not get executed when you redirect. Commented Jun 28, 2017 at 5:42
  • @Nawin It is necessary. It is a must. Read stackoverflow.com/a/44794420/7978484. It is hard to believe that as a Lead PHP Developer with 3+ years of experience you did not know about that. Commented Jun 28, 2017 at 8:17

1 Answer

The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.

If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient.


2 Comments

Thanks, now I understand it. But how does someone prevent the header command from executing?
It can be prevented with a command-line client like wget, by simply telling it not to follow redirects.
