'Check if visit has been directed with PHP Location header
I'm redirecting from page-A to page-B, like this:
header( 'Location: ' https://example.org/landingpath );
I want to detect, when landing on page-B, if I came there by above-written header-redirection - or if I simply refreshed my browser. How do I do that?
I tried adding a custom header:
header( 'TESTHEADER: foobar' ); // added it both before and after 'Location' to be sure.
header( 'Location: ' https://example.org/landingpath );
header( 'TESTHEADER: foobar' );
... But I can't see TESTHEADER in the dumps after the redirects (see dumps below).
Here is $_SERVER and getallheaders(); after the redirect:
Array
(
[PHPRC] => /home/MYSITE/fcgi-bin/../etc/php7.2
[PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[PWD] => /home/MYSITE/fcgi-bin
[SHLVL] => 0
[PHP_FCGI_MAX_REQUESTS] => 99999
[CONTENT_LENGTH] => 0
[SCRIPT_NAME] => /landingpath.php
[REQUEST_URI] => /landingpath
[QUERY_STRING] =>
[REQUEST_METHOD] => GET
[SERVER_PROTOCOL] => HTTP/1.1
[GATEWAY_INTERFACE] => CGI/1.1
[REDIRECT_URL] => /landingpath
[REMOTE_PORT] => 56999
[SCRIPT_FILENAME] => /home/MYSITE/public_html/landingpath.php
[SERVER_ADMIN] => [no address given]
[CONTEXT_DOCUMENT_ROOT] => /home/MYSITE/public_html
[CONTEXT_PREFIX] =>
[REQUEST_SCHEME] => https
[DOCUMENT_ROOT] => /home/MYSITE/public_html
[REMOTE_ADDR] => 123.123.123.123
[SERVER_PORT] => 443
[SERVER_ADDR] => 111.111.111.111
[SERVER_NAME] => MYDOMAIN.TLD
[SERVER_SOFTWARE] => Apache/2.4.18 (Ubuntu)
[SERVER_SIGNATURE] =>
Apache/2.4.18 (Ubuntu) Server at MYDOMAIN.TLD Port 443
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.9,da;q=0.8
[HTTP_ACCEPT_ENCODING] => gzip, deflate, br
[HTTP_REFERER] => https://MYDOMAIN.TLD/hard
[HTTP_SEC_CH_UA_PLATFORM] => "macOS"
[HTTP_SEC_CH_UA_MOBILE] => ?0
[HTTP_SEC_CH_UA] => " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
[HTTP_SEC_FETCH_DEST] => document
[HTTP_SEC_FETCH_USER] => ?1
[HTTP_SEC_FETCH_MODE] => navigate
[HTTP_SEC_FETCH_SITE] => same-origin
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_CACHE_CONTROL] => no-cache
[HTTP_PRAGMA] => no-cache
[HTTP_CONNECTION] => close
[HTTP_HOST] => MYDOMAIN.TLD
[SSL_TLS_SNI] => MYDOMAIN.TLD
[HTTPS] => on
[SCRIPT_URI] => https://MYDOMAIN.TLD/landingpath
[SCRIPT_URL] => /landingpath
[REDIRECT_STATUS] => 200
[REDIRECT_SSL_TLS_SNI] => MYDOMAIN.TLD
[REDIRECT_HTTPS] => on
[REDIRECT_SCRIPT_URI] => https://MYDOMAIN.TLD/landingpath
[REDIRECT_SCRIPT_URL] => /landingpath
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /landingpath.php
[REQUEST_TIME_FLOAT] => 1645074245.6675
[REQUEST_TIME] => 1645074245
)
Array
(
[Content-Length] => 0
[Accept-Language] => en-US,en;q=0.9,da;q=0.8
[Accept-Encoding] => gzip, deflate, br
[Referer] => https://MYDOMAIN.TLD/hard
[Sec-Ch-Ua-Platform] => "macOS"
[Sec-Ch-Ua-Mobile] => ?0
[Sec-Ch-Ua] => " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
[Sec-Fetch-Dest] => document
[Sec-Fetch-User] => ?1
[Sec-Fetch-Mode] => navigate
[Sec-Fetch-Site] => same-origin
[Accept] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[User-Agent] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
[Upgrade-Insecure-Requests] => 1
[Cache-Control] => no-cache
[Pragma] => no-cache
[Connection] => close
[Host] => MYDOMAIN.TLD
)
And here is $_SERVER and getallheaders(); after a refresh:
Array
(
[PHPRC] => /home/MYSITE/fcgi-bin/../etc/php7.2
[PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[PWD] => /home/MYSITE/fcgi-bin
[SHLVL] => 0
[PHP_FCGI_MAX_REQUESTS] => 99999
[CONTENT_LENGTH] => 0
[SCRIPT_NAME] => /landingpath.php
[REQUEST_URI] => /landingpath
[QUERY_STRING] =>
[REQUEST_METHOD] => GET
[SERVER_PROTOCOL] => HTTP/1.1
[GATEWAY_INTERFACE] => CGI/1.1
[REDIRECT_URL] => /landingpath
[REMOTE_PORT] => 57045
[SCRIPT_FILENAME] => /home/MYSITE/public_html/landingpath.php
[SERVER_ADMIN] => [no address given]
[CONTEXT_DOCUMENT_ROOT] => /home/MYSITE/public_html
[CONTEXT_PREFIX] =>
[REQUEST_SCHEME] => https
[DOCUMENT_ROOT] => /home/MYSITE/public_html
[REMOTE_ADDR] => 123.123.123.123
[SERVER_PORT] => 443
[SERVER_ADDR] => 111.111.111.111
[SERVER_NAME] => MYDOMAIN.TLD
[SERVER_SOFTWARE] => Apache/2.4.18 (Ubuntu)
[SERVER_SIGNATURE] =>
Apache/2.4.18 (Ubuntu) Server at MYDOMAIN.TLD Port 443
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.9,da;q=0.8
[HTTP_ACCEPT_ENCODING] => gzip, deflate, br
[HTTP_REFERER] => https://MYDOMAIN.TLD/hard
[HTTP_SEC_FETCH_DEST] => document
[HTTP_SEC_FETCH_USER] => ?1
[HTTP_SEC_FETCH_MODE] => navigate
[HTTP_SEC_FETCH_SITE] => same-origin
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_SEC_CH_UA_PLATFORM] => "macOS"
[HTTP_SEC_CH_UA_MOBILE] => ?0
[HTTP_SEC_CH_UA] => " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
[HTTP_CACHE_CONTROL] => no-cache
[HTTP_PRAGMA] => no-cache
[HTTP_CONNECTION] => close
[HTTP_HOST] => MYDOMAIN.TLD
[SSL_TLS_SNI] => MYDOMAIN.TLD
[HTTPS] => on
[SCRIPT_URI] => https://MYDOMAIN.TLD/landingpath
[SCRIPT_URL] => /landingpath
[REDIRECT_STATUS] => 200
[REDIRECT_SSL_TLS_SNI] => MYDOMAIN.TLD
[REDIRECT_HTTPS] => on
[REDIRECT_SCRIPT_URI] => https://MYDOMAIN.TLD/landingpath
[REDIRECT_SCRIPT_URL] => /landingpath
[FCGI_ROLE] => RESPONDER
[PHP_SELF] => /landingpath.php
[REQUEST_TIME_FLOAT] => 1645074268.9317
[REQUEST_TIME] => 1645074268
)
Array
(
[Content-Length] => 0
[Accept-Language] => en-US,en;q=0.9,da;q=0.8
[Accept-Encoding] => gzip, deflate, br
[Referer] => https://MYDOMAIN.TLD/hard
[Sec-Fetch-Dest] => document
[Sec-Fetch-User] => ?1
[Sec-Fetch-Mode] => navigate
[Sec-Fetch-Site] => same-origin
[Accept] => text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[User-Agent] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
[Upgrade-Insecure-Requests] => 1
[Sec-Ch-Ua-Platform] => "macOS"
[Sec-Ch-Ua-Mobile] => ?0
[Sec-Ch-Ua] => " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
[Cache-Control] => no-cache
[Pragma] => no-cache
[Connection] => close
[Host] => MYDOMAIN.TLD
)
Findings
I can see that it adds these lines after the redirect to the headers:
[HTTP_SEC_CH_UA_PLATFORM] => "macOS"
[HTTP_SEC_CH_UA_MOBILE] => ?0
[HTTP_SEC_CH_UA] => " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
And I can see that it adds these lines after the refresh to `$_SERVER:
[Sec-Ch-Ua-Platform] => "macOS"
[Sec-Ch-Ua-Mobile] => ?0
[Sec-Ch-Ua] => " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
But none of which seems like 'something to listen on'.
What is the proper way to do this, when I control both page-A and page-B?
Solution considerations
- I could set a cookie, but it seems quite excessive.
- I could set a session variable, but that too seems like a bit much
- I could pass a GET-request, but I'd like to not do this, if I can avoid it (since it's visible to the visitor in the URL).
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|