gcan
msg:4317802 | 8:11 am on May 26, 2011 (gmt 0) |
anyone?
|
phranque
msg:4318441 | 8:05 am on May 27, 2011 (gmt 0) |
providing a Location: header in PHP without specifying a status code defaults to a 302.
this is equivalent to:
header('HTTP/1.1 302 Found');
header("Location: http://www.example.com/login.php");
note that the Location: header should contain an absolute url.
the search engine isn't going to see any content that is behind a login, so it probably makes sense to noindex the login.php url or at least exclude the bot from crawling that path with a robots.txt entry.
the 401 status code specifies that HTTP authentication is required and the only response header appropriate for that status code is WWW-Authenticate.
when challenged to authenticate with a 401, the browser handles the authentication and this is different from the html login form which would be served by the /login.php url.
|
gcan
msg:4318461 | 9:36 am on May 27, 2011 (gmt 0) |
phranque, thank you for your answer.
| note that the Location: header should contain an absolute url. |
|
What happends if header doesn't contain an absolute url?
Header("Location: /login.php");
|
phranque
msg:4318882 | 1:56 am on May 28, 2011 (gmt 0) |
that is user-agent-dependent behavior.
a modern browser will likely make the proper best guess if you fail to provide an absolute url.
however do you want to risk an unintended redirect by a search engine crawler when you provide an ambiguous response?
conformance to protocol is a better solution.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30 [w3.org]:
| The (Location response-header) field value consists of a single absolute URI. |
|
|
gcan
msg:4318929 | 8:00 am on May 28, 2011 (gmt 0) |
Thank you.
|
|
