Secure redirection?



Hi,

I'm building a login system with AJAX/PHP/MySQL.

I have worked everything out... AJAX is sending a request to a PHP login
script (login.php) which, if authentication passes, initializes the session and
sends the header using header("Location : registered_user_area.php");

The whole system works great without AJAX, but when I put AJAX in the story
I have one problem:

1. When the user is successfully authenticated the login.php sends the
header, but the AJAX XMLHttpRequest call is still in progress waiting for a
PHP response. So when PHP using the header function redirects to another
page, that page is output to the login form...

My PHP login snippet is:
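// Strict, constant-time comparison instead of the loose == operator
if (hash_equals((string) $res_hash, (string) $u_pass)) {
    $logged_user = $sql_execution->last_query_result->user;
    $sql_execution->exec_query("DELETE FROM seeds", false);
    $sql_execution->db_disconnect();
    session_start();
    session_regenerate_id(true); // issue a fresh session ID once the user is authenticated
    $_SESSION['user'] = $logged_user;
    // HTTP_HOST is taken from the request's Host header (client-supplied);
    // check it against the expected host name before using it in a redirect
    $host = $_SERVER['HTTP_HOST'];
    $url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/mpls/index.php';
    header("Location: http://$host$url"); //--That page ($host$url) is output in the login form...
    exit();
}
else {
    $sql_execution->exec_query("DELETE FROM seeds WHERE id=$row->id", false);
    $sql_execution->db_disconnect();
    echo 'BLS'; //--This is sent when the password/username is wrong
    exit();
}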

???

Any help greatly appreciated

Thank you!
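
Added example, not part of the original post: XMLHttpRequest follows a Location redirect itself and hands the script the body of the final page, so one way around the behaviour described above is for login.php to return the target as data and let the page navigate after checking it stays on the same origin. The JSON reply format, the function names and the 'login-failed' class are assumptions made for this sketch; 'BLS' and the mpls/index.php path come from the post.

```javascript
// Added example. Assumed reply format (not from the post): on success login.php
// echoes JSON {"ok":true,"redirect":"/mpls/index.php"}; on failure it still echoes 'BLS'.
function resolveLoginRedirect(responseText, pageOrigin) {
  if (responseText.trim() === 'BLS') {
    return { ok: false, reason: 'bad-credentials', target: null };
  }
  let reply;
  try {
    reply = JSON.parse(responseText);
  } catch (e) {
    // Not JSON, e.g. the HTML of a page reached through a followed redirect.
    return { ok: false, reason: 'unexpected-reply', target: null };
  }
  if (!reply || reply.ok !== true || typeof reply.redirect !== 'string') {
    return { ok: false, reason: 'unexpected-reply', target: null };
  }
  let url;
  try {
    // Relative paths resolve against the page; absolute URLs keep their own origin.
    url = new URL(reply.redirect, pageOrigin);
  } catch (e) {
    return { ok: false, reason: 'unexpected-reply', target: null };
  }
  // Only navigate within the site that served the login form.
  if (url.origin !== new URL(pageOrigin).origin) {
    return { ok: false, reason: 'foreign-target', target: null };
  }
  return { ok: true, reason: null, target: url.href };
}

// Browser wiring (runs only when called from the page that holds the login form).
function submitLogin(form) {
  const xhr = new XMLHttpRequest();
  xhr.open('POST', 'login.php');
  xhr.onload = function () {
    const result = resolveLoginRedirect(xhr.responseText, window.location.origin);
    if (result.ok) {
      window.location.assign(result.target); // the page navigates, not the XHR
    } else {
      form.classList.add('login-failed'); // hypothetical CSS hook for the error state
    }
  };
  xhr.send(new FormData(form));
}
```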

