问题
I am writing a basic authorization system and I am struggling with it a bit. There are two files involved - index.php and login.php. The login form is pretty simple (it's inside index.php):
<fieldset class="right">
<label for="email">Email
<input id="email" name="email" type="text" value=""/>
</label>
<label for="password">Password
<input id="password" name="password" type="password" />
<a href="#" onclick="$('#password-box').toggle();" >Forgot your password?<span></span></a>
</label>
<div class="btn-login"><button type="submit" value="Login"></button></div>
</fieldset>
</form>
The login.php contents:
<?php
// Include the launcher file.
require_once('globals.php');
require_once(CORE . 'launcher.php');
// Collect the information sent to us.
$mail = (isset($_POST['email'])) ? $_POST['email'] : '';
$password = (isset($_POST['password'])) ? $_POST['password'] : '';
$LoginError = false;
// AUTHORIZATION STUFF HERE
if ($LoginError) {
header('Status: 200');
header('X-Test: test');
header('Location: index.php');
exit();
}
As you can see, I'm sending a custom header to the script containing the form in case there was an error during signing in. In the index.php, I'm using headers_list(), but the header I'm sending is not present in the list.
What is causing that? I've tried with php_value "output_buffering" "0" in the .htaccess file, but no success.
UPDATE After checking in Chrome, the header is being received by the browser, but is not available in PHP.
Thanks in advance.
回答1:
The redirect is sent to and processed by the client which responds by navigating to the given Location: index.php. You should not expect that the custom header is provided by the browser when it is requesting index.php from the server.
CLIENT SERVER
|------- POST login.php ------------------>|
| |
|<- 200, Location: index.php, X-Test:test -| (this is where you send the header)
| |
|------- GET index.php ------------------->| (no header from client to server)
回答2:
The headers() you specify with header() will be present in the output from server -> client. However, when doing a redirect, the browser will perform a NEW request, client -> server, and the browser is under no obligation to include your custom headers in this new request.
回答3:
I'm sending a custom header to the script containing the form
No you're not. Your sending a custom header to the client (user's browser) and the client will simply ignore/discard it.
If you need to maintain state, use a cookie/sessions or place something in the new location, e.g., header('Location: index.php?login=false');.
回答4:
The custom headers you are sending to the user are being received. But they're being discarded when the browser does the redirect because the browser isn't sending them to the redirected page. That's why you don't see them.
来源:https://stackoverflow.com/questions/10094679/php-redirect-with-custom-headers