Posted by Jerry Stuckle on 08/13/07 01:48

amygdala wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> schreef in bericht
> news:xqKdnb9U2fBnMyLbnZ2dnUVZ_uLinZ2d@comcast.com...
>> amygdala wrote:
>>> Rik wrote:
>>>> On Fri, 10 Aug 2007 20:07:03 +0200, amygdala <noreply@noreply.com>
>>>> wrote:
>>>>> Could it be that Opera needs some kind of body content after a
>>>>> redirection
>>>>> header? Or could it perhaps be that Opera indeed thinks that it
>>>>> should redirect back to the login page again, since it is redirected
>>>>> to a page, that redirected to the login page in the first place. lol
>>>> Possiblity 1:
>>>> Opera -> Tools -> preferences -> Advanced -> Network -> Enable
>>>> Automatic Redirection.
>>>>
>>>> It's enabled by default, but can be disabled for whatever purpose.
>>>> All the more reason why a header redirect should be accompanied by
>>>> some information one is redirected, and a script should die()/exit()
>>>> after that.
>>>> Possibility 2:
>>>> Opera get's the redirect, but still has the page with the same URL in
>>>> cache, so decides to use that one. Set some header and/or html
>>>> information these pages should not be cached.
>>>>
>>>> Possibility 3:
>>>> The script isn't terminated after the first header-redirect,
>>>> continues to run, and effectively changes the redirect by a second
>>>> header() call. Putting an echo directly after it will force the
>>>> headers to be sent, so they cannot be replaced anymore, resulting in
>>>> the first one being the only one, and thus the one obeyed by the
>>>> browser. Another example why one should die()/exit() after a redirect.
>>>>
>>>> <?php
>>>> //this will offcourse end in /second.html
>>>> header('Location: /first.html');
>>>> header('Location: /second.html');
>>>> <?php
>>>> //this will end in /first.html
>>>> header('Location: /first.html');
>>>> flush();
>>>> header('Location: /second.html');
>>> This thing still has me puzzled. What I did is the following:
>>>
>>> My SessionHandler class has the following method:
>>>
>>> public function redirect( $url )
>>> {
>>> session_write_close();
>>> header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
>>> header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
>>> header( 'Cache-Control: no-store, no-cache, must-revalidate' );
>>> header( 'Cache-Control: post-check=0, pre-check=0', false );
>>> header( 'Pragma: no-cache' );
>>> header( 'HTTP/1.0 302 Moved Temporarily' );
>>> header( 'Location: ' . $url );
>>> // this part between the comments is important
>>> echo 'You\'re being redirected to ' . $url . ' .
>>> Click <a href="' . $url. '">here</a> if it doesn\'t work';
>>> // end important part
>>> exit(); // exit doesn't really make a difference for Opera
>>> }
>>>
>>> Since I have now included the exit() statement I am sure that this is the
>>> last thing done by the application when redirecting. Also, I have added
>>> cache control headers and the likes. But still in Opera the problem
>>> persists if I leave out the echo part you see above between the comments.
>>>
>>> So, from my experience it seems as if Opera wants some body content for
>>> the redirect to work and revalidate the url I landed on before I had to
>>> log in.
>>>
>>> Does anyone have any other clue as to what might be going on here?
>>>
>>> Thanks.
>> Why are you sending a message they will never see, anyway? Normally a
>> redirect header has NO text associated with it.
>>
>> If you have your header set up appropriately, they will be redirected. All
>> the message might do is screw things up for the browser.
>>
>
> PS.: Correct me if I'm wrong, but are my headers not set up properly?
>
>

Well, I don't see why you have the session_write_close() - the session
will be closed during exit() processing, anyway.

I also don't see why you have all of the cache control stuff. It's
completely unnecessary in this case.

Keep it simple - the 302 moved and location should be all you need.

And quite frankly, I wouldn't worry about opera users who disable the
redirects. After all - if you did the redirect in the normal way
(.htaccess or httpd.conf file), they wouldn't get a message. So they
must be used to getting blank screens.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]