Welcome to WebmasterWorld Guest from 54.226.25.231

Forum Moderators: mademetop

Message Too Old, No Replies

Redirecting to login page

     

gcan

9:44 am on May 24, 2011 (gmt 0)

5+ Year Member



What is the correct way to redirect users to a login page?

For example, user wants to access page:

http://www.mydomain.com/messages.php


file messages.php contains something like this:

if ($logged_in != '1') {
Header("Location: /login.php");
die;
}


So, if a searh engine access this page (and many other pages), there is only redirection without any comments. Is it OK so many redirections without explanations?

Maybe I need to add 401 or another header?


if ($logged_in != '1') {
Header('HTTP/1.0 401 Unauthorized');
Header("Location: /login.php");
die;
}


Thanks.

gcan

8:11 am on May 26, 2011 (gmt 0)

5+ Year Member



anyone?

phranque

8:05 am on May 27, 2011 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



providing a Location: header in PHP without specifying a status code defaults to a 302.
this is equivalent to:
header('HTTP/1.1 302 Found');
header("Location: http://www.example.com/login.php");

note that the Location: header should contain an absolute url.

the search engine isn't going to see any content that is behind a login, so it probably makes sense to noindex the login.php url or at least exclude the bot from crawling that path with a robots.txt entry.

the 401 status code specifies that HTTP authentication is required and the only response header appropriate for that status code is WWW-Authenticate.
when challenged to authenticate with a 401, the browser handles the authentication and this is different from the html login form which would be served by the /login.php url.

gcan

9:36 am on May 27, 2011 (gmt 0)

5+ Year Member



phranque, thank you for your answer.

note that the Location: header should contain an absolute url.


What happends if header doesn't contain an absolute url?

Header("Location: /login.php");

phranque

1:56 am on May 28, 2011 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



that is user-agent-dependent behavior.
a modern browser will likely make the proper best guess if you fail to provide an absolute url.
however do you want to risk an unintended redirect by a search engine crawler when you provide an ambiguous response?
conformance to protocol is a better solution.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30 [w3.org]:
The (Location response-header) field value consists of a single absolute URI.

gcan

8:00 am on May 28, 2011 (gmt 0)

5+ Year Member



Thank you.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month