Posted by Kimmo Laine on 02/18/07 16:33

turnitup kirjoitti:
> turnitup wrote:
>> I have a security mechanism that checks that session variables are
>> set, and if not, redirects. It seems, however, that CURL just ignores
>> this statement and completely breaches my security.
>>
>> Does anyone have any ideas how to avoid this?
>
>
> It seems that CURL ignores the redirect header. I had to put an exit
> after that statement. Sorted now. CAVEAT REDIRECTOR!!!

You always have to put exit after redirection. And mind you this has
nothing to do with CURL, it's just that PHP won't stop executing a
script just because you set a header unless you say so. And remember
that this is a good feature, not a bad. You just need to be aware of it.

--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö
spam@outolempi.net | Gedoon-S @ IRCnet | rot13(xvzzb@bhgbyrzcv.arg)

• Next in forum: Re: Can't read $_SESSION variables set by previous request, AJAX
• Prev in forum: Re: php4 end of life
• Thread view: Re: CURL ignores $_SESSION???

[Reply to this message]