All geek questions in one place

Is it good practice to use meta refresh tags for redirection instead of the header () function in php?

I need to reuse redirections in my scripts, for example, after a user logs in, I need to redirect them to the administration area, etc. But it’s inconvenient for me to always have a header function at the very top, So if I use meta update tags for my redirects, is that something that would be underestimated in accordance with best practices or is that acceptable?

function redirect($location) { echo "<meta http-equiv='refresh' content='0; url=$location' />"; }
+4
source share
4 answers

No. Wikipedia clearly states:

Updating metadata is a discouraged method for instructing the web browser to automatically update the current web page or frame after a specified time interval.

Update meta tags have some disadvantages :

  • If the page is redirected too quickly (less than 2-3 seconds), using the "Back" button on the next page may cause some browsers to return to the redirect page, in which the redirection will occur again. This is bad for usability, as it may cause the reader to β€œget stuck” on the last website.
  • The reader may or may not want to be redirected to another page, which may lead to user dissatisfaction or cause security concerns.
+8
source

I would personally use the header () function, then the user does not need to wait for another page to load.

+1
source

I personally use the header () function, but Meta just updates the page to this redirect URL, so it has a chance to kill cookies / sessions, while header() only works if nothing is sent on the site use this . Both of them have ups and downs.

0
source

It depends on your needs.

If you need to redirect the user after logging in, you should use the header redirection.

meta refresh is not recommended for the reasons mentioned above, but you can use meta refresh if necessary. for example, showing an ad on your site, and then after a certain number of seconds, you force the file to be downloaded or redirected to a new page.

here is a little script

Php

On the page

login.php displays the login form, after sending this page the data on the clearn_login_form.php page to clear the entries. clearn_login_form.php redirected to validate.php , and then validate.php redirected to admin_area/admin_main.php .

All this redirection is done to the backend, and the user will only see the login.php and admin_main.php , and if the user presses the return button in the browser, he will return to login.php

META

In meta-updates, the redirection is done on the browser / client side, which is a security risk because users will be able to see clear_login_form.php and validate.php in their URLs. also, if they hit buttom from admin_main.php , they will arrive at validate.php , from where they will again be redirected to admin_main.php

PHP is safe and fast and will hide some important file names from users where the meta is exposed, and users can perform CSRF or session attacks (if they find any holes)

Now you need to use the header on the first lines, this is a problem for you, to overcome this problem use the ob_start() function. but don't forget to put exit() right after each header command.

Note. The combination of ob_start and header() not good practice, and this confuses other programmers who work on your code. It is recommended that you use the header at the top of most locations or before any output is sent to the browser

function redirect($location) { header("location: $location"); exit(); }

0
source

Source: https://habr.com/ru/post/1333322/

More articles:


All Articles