header("Location:...") question

Stijn Goris wrote:

> Hi all,
>
> I have a question regarding the header function. I send a browser to a
> certain page (eg first.php ) wich sends no output to the browser.
> This page sends the browser to another page (eg second.php) with the
> header("Location:") function. second.php doesn't either send any
> output to the browser. The browser is then send to another page also
> with the header() function.
>
> Now my problem: I have to send user and password data fromfirst.php to
> second.php. Will the user be able to see the
> login.php?formGebruiker=$gebr&formPas=$pas url when redirecting or is
> this all handled on the server internalyy (since there is no output
> to the browser)?
>
> I hope you get my question
>
> regards
> Stijn

A header is sent to the browser, so the login info will be visible in
url of the redirected to page.

Have a look into sessions:
http://php.net/manual/en/ref.session.php

With sessions, only a session ID will be viewable by the user, all
other data is stored server-side.

Hi all,

I have a question regarding the header function. I send a browser to a
certain page (eg first.php ) wich sends no output to the browser. This page
sends the browser to another page (eg second.php) with the
header("Location:") function. second.php doesn't either send any output to
the browser. The browser is then send to another page also with the header()
function.

Now my problem: I have to send user and password data fromfirst.php to
second.php. Will the user be able to see the
login.php?formGebruiker=$gebr&formPas=$pas url when redirecting or is this
all handled on the server internalyy (since there is no output to the
browser)?

I hope you get my question

regards
Stijn

Stijn Goris writes:

> Hi all,
> I have a question regarding the header function. I send a browser to a
> certain page (eg first.php ) wich sends no output to the browser. This page
> sends the browser to another page (eg second.php) with the
> header("Location:") function. second.php doesn't either send any output to
> the browser. The browser is then send to another page also with the header()
> function.

> Now my problem: I have to send user and password data fromfirst.php to
> second.php. Will the user be able to see the
> login.php?formGebruiker=$gebr&formPas=$pas url when redirecting or is this
> all handled on the server internalyy (since there is no output to the
> browser)?

> I hope you get my question

I think I do. Simplified:
first.php redirects to second.php?somedata=something.
second.php redirects to third.html.
third.html displays something and doesn't redirect anywhere.

No the user won't see second.php?somedata=something, but that URL will
be passed to the browser. Redirections are not internal to the
server. The page with the 'Location:' header is sent to the browser
which then reads it and requests the URL it finds there.

If you really don't want that information escaping from the server you
should use a session to store it locally.

--

__o Alex Farran
_`\<,_ Analyst / Programmer
(_)/ (_) www.alexfarran.com