我们应该使用 require_once 代替标头位置吗?

发布于 2024-09-06 03:21:29 字数 733 浏览 12 评论 0原文

我有这样的东西:(如果此页面需要用户登录)

if(!isset($_SESSION['usr_id'])){          //if not a logged user
    $_SESSION['redir']=curPageURL();//Saving the current page for the redirection
    header('Location: ../Session/loginFrm.php'); 
}

并且在loginFrm.php中,我们这样做:

{...after validation}    
if(isset($_SESSION['redir'])){
        header('Location: '.$_SESSION['redir']);
    }else{...}

在这个page,他们说我们应该使用类似这样的东西:

 ...
    require_once '../Session/loginFrm.php';
    exit();

这对我不起作用,会话变量现在包含包含的页面,并且不是当前页面。

你觉得怎么样?

i have somthing like this: (if this page needs the user to be logged)

if(!isset($_SESSION['usr_id'])){          //if not a logged user
    $_SESSION['redir']=curPageURL();//Saving the current page for the redirection
    header('Location: ../Session/loginFrm.php'); 
}

and in loginFrm.php, we do:

{...after validation}    
if(isset($_SESSION['redir'])){
        header('Location: '.$_SESSION['redir']);
    }else{...}

in this page, they say we should use something like this instead:

 ...
    require_once '../Session/loginFrm.php';
    exit();

This doesn't work for me, the session variable now contains the included page, and not the current page.

What do you think about?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

_失温 2024-09-13 03:21:29

他省略了一条重要的信息:重置执行上下文。

当您进行重定向时,新页面会加载并可以假定它是所请求的页面。大多数页面都是这样编写的,大多数 PHP 程序员也是这样编写页面的。这也意味着您可以通过重定向更好地控制上下文。

如果您想支持 include() 技巧,那么被包含的页面必须以完全不同的方式编写。它必须明白它现在继承一个可能包含调用文件中的垃圾的执行上下文。这也意味着用户在浏览器中看到的 URL 不会每次都相同。例如,在设置 POST 目标时,包含的页面/文件必须考虑到这一点,否则您将收到非常奇怪的错误。

他的建议背后的理由很好,但您必须在更广泛的背景下看待:主要是您需要多久发出一次重定向(而且上游连接有多慢)?由于它看起来像登录自动重定向,我的猜测是不那么频繁。人们总是习惯于重定向,因此您的重定向不太可能显得过度。因此,请推迟这个问题,直到重定向成为问题为止。

He omits an important piece of information: resetting the execution context.

When you do a redirect, the new page loads and can assume it is the page requested. Most pages are written like that and most PHP programmers write pages like that. It also means you can control the context better through the redirect.

If you want to support that include() trick, then the page being included has to be written quite differently. It has to understand that it is now inheriting an execution context that may include rubbish from the calling file. It also means that the URL the user sees in their browser is not going to be the same every time. The included page/file must account for that when setting up POST targets (for instance) or you will get very bizarre errors.

The reasoning behind his recommendation is good, but you have to look at in a wider context: principally, how often will you need to issue the redirect (but also how slow is the upstream connection)? Since it looks like a login auto-redirect, my guess would be not all that often. People are used to redirects all the time, so yours is unlikely to stand out as excessive. So put this problem off until the redirect becomes a problem.

网白 2024-09-13 03:21:29

我个人建议反对这样做。原因是内容到 url 的映射。如果您允许在任何网址上包含登录页面,那么搜索引擎应该如何索引内容(或者您如何管理内容,因为如果您收到一个网址,您会得到不同状态的不同输出)。

URL 代表统一资源定位符。它的目的是允许访问资源。这就是为什么(就我个人而言)我宁愿在内容和 URL 之间始终保持 1:1 映射(因此页面不会根据非 URL/POST 数据显示不同的内容)...

但这只是我的 0.02 美元...

I would personally recommend against that. The reason is content to url mapping. If you allow the inclusion of the login page on any url, then how are search engines supposed to index content (or how are you to manage content since if you're handed a url, you get different output for different states).

URL stands for Uniform Resource Locator. It's meant to allow access to a resource. That's why (personally) I'd rather always have a 1:1 mapping between content and URL (and hence not have pages display different things based on non-URL/POST data)...

But that's just my $0.02...

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文