Here are my pages:

Redirect Page: if user has an open session, redirect to the proper resource else redirect to login page

Login Page: if user login info is valid, redirect to $_SERVER['HTTP_REFERER'] else display login page

When you visit the redirect page, it sees that you do not have a valid session and redirects to the login page. You can then login no problems, but after authentication I receive the "This webpage has a redirect loop." page in Chrome.

It's not a true loop, since there are several ways out (IE provide valid login details and go to destination resource, provide invalid login and receive error message, etc). But I can see the browser's confusion (going from a to b to a again).

Any ideas how I can solve this problem?



The problem is probably with $_SERVER['HTTP_REFERER'], you might wanna use actual paths here.. ?? What if my Referrer is your Redirect Script and i have a Valid Session, it'll see that the session is valid and Redirect me to the previous Redirect script.. I hope i got your application architecture right

Written by Jasdeep Singh

Accepted Answer

$_SERVER['HTTP_REFERER'] will always be the login page since you have to load the login page right before you successfully login. So once you successfully login, the referrer is the login page, so the login page redirects you to the login page, which you still successfully logged in, so it logs you in over and over.

Rather than relying on $_SERVER['HTTP_REFERER'] you should probably store the page they are trying to get to in either a $_SESSION or $_COOKIE variable. Most likely session will be better, depending upon your setup.

Written by Jeff Davis
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the community.
It is licensed under cc-wiki