Re: CURL ignores $_SESSION???
- From: Rik <luiheidsgoeroe@xxxxxxxxxxx>
- Date: Sun, 18 Feb 2007 17:26:38 +0100
On Sun, 18 Feb 2007 17:02:36 +0100, turnitup <same@same> wrote:
turnitup wrote:I have a security mechanism that checks that session variables are set, and if not, redirects. It seems, however, that CURL just ignores this statement and completely breaches my security.
Does anyone have any ideas how to avoid this?
It seems that CURL ignores the redirect header. I had to put an exit after that statement. Sorted now. CAVEAT REDIRECTOR!!!
Which is why redirecting should actually be done like this:
<?php
$target = 'http://example.com';
header("Location: $target");
print("You are being redirected to $target, click <a href=\"$target\">here</a> if you don't get redirected.");
exit;
?>
NOt only cURL, but all kinds of applications & browsers can choose not to directly follow your location headers. If you open pages with cURL, and you want to obey redirects from the header, use:
curl_setopt($curl,CURLOPT_FOLLOWLOCATION, true);
--
Rik Wasmus
.
- References:
- CURL ignores $_SESSION???
- From: turnitup
- Re: CURL ignores $_SESSION???
- From: turnitup
- CURL ignores $_SESSION???
- Prev by Date: Re: php4 end of life
- Next by Date: Re: php4 end of life
- Previous by thread: Re: CURL ignores $_SESSION???
- Next by thread: Re: CURL ignores $_SESSION???
- Index(es):
Relevant Pages
|
