Does redirecting the client using the PHP header function always work in client's modern browsers?
I want to redirect users back to login page if they wrote the wrong password.
I usually use header(location: "login.php?msg=wrong password"); when they type the wrong password or something.
Does this method always work in modern browsers? what about the old ones? Is there a chance that a browser won't let the redirection happen? (If it only won't work in old browsers, then how old and which browsers?)
Is this the best way to redirect users? In the example the mentioned example, how do professional web developers solve this issue of redirecting users and sending the GET variables to that URL?
Note that I use header to redirect users both to the same page and sometimes to another page, my main concern is sending the client to a page (another page or the same) with the get variables set, to show a message on that page.
EDIT: I had no idea I have to even state this, but based on answers I think I should: Yes, I am aware that PHP is back end and works in the server and not client! I am asking that do modern browsers meaning the clients browser support the redirection that is send by the server. Obviously when I said "redirect client" in the title, I didn't mean redirect the server.
All major browsers support redirects and have done so seamlessly for 20 years.
The last browser that didn't support redirects well was Netscape 4. That was about 1997. Even then, redirects worked but:
- The screen would flash.
- The redirect URL was added to history. That meant that it was difficult to use the back button from the page after the redirect. Users would have to hit the back button twice really quick or they would end up just getting the redirect again.
Normally when you have questions about whether browsers support a feature you can can consult https://caniuse.com/. However, redirects have worked well for so long, that they don't feel that it is a browser feature even worth covering.
Redirecting to include parameters is fully supported as well. Your example redirect will work as you intend in all modern browsers.
Even though redirects work really well, they probably are not the correct solution to your particular problem. Ideally your login form would be produced by the same PHP file that checks the credentials. This would allow you to show the form again with the error message without doing any redirects. Typically redirects are use after successful login to take the user to whatever page they need to see next after logging in.
Your redirection takes place in the back end, via PHP. So it is not a matter of whether the modern browsers support it. This code runs on your (or your host's) server. It is not run in your browser, so no matter the browser edition no problems are gonna occur due to versioning.
To answer the second part of your question, in most sites there is no redirection in the case of a false password. There are some checks being run in the front/back end and then a message appears (in the same page) informing the user his/her credentials are wrong. Most of the time there is no good reason to create a whole new page just to show an error message (especially since users might want to retry, so they would have to go back to the login page, which is tiresome).
So, just make some informational message appear in the same page instead of redirecting.
Finally, using GET for sending/receiving credentials is a bad practice and I suggest using POST for any validation you want to run, especially for sensitive data like credentials.
edit
This has nothing to do with browser version but about how HTTP works.You can read more about it here but the basic premise is that
A browser, when receiving a redirect response, uses the new URL
provided and immediately loads it
Browser doing that has nothing to do with its version. It is how HTTP works.
Comments
Post a Comment