On Sun, 18 Feb 2007 17:02:36 +0100, turnitup <same@samewrote:
turnitup wrote:
>I have a security mechanism that checks that session variables are set,
and if not, redirects. It seems, however, that CURL just ignores this
statement and completely breaches my security.
Does anyone have any ideas how to avoid this?
It seems that CURL ignores the redirect header. I had to put an exit
after that statement. Sorted now. CAVEAT REDIRECTOR!!!
Which is why redirecting should actually be done like this:
<?php
$target = 'http://example.com';
header("Location: $target");
print("You are being redirected to $target, click <a
href=\"$target\">here</aif you don't get redirected.");
exit;
?>
NOt only cURL, but all kinds of applications & browsers can choose not to
directly follow your location headers. If you open pages with cURL, and
you want to obey redirects from the header, use:
curl_setopt($curl,CURLOPT_FOLLOWLOCATION, true);
--
Rik Wasmus