PHP Redirecting Requests

The redirect process

Most of the time, a web application responds to a browser request by returning a page of HTML. However, sometimes a web application redirects a user to a different page instead. A common example would be after submitting an order on an e-commerce site. The form submits to one URL, pauses while the transaction completes, and then the user's browser is sent to a new URL which displays a success message.

The technical process behind the scenes is that the web server actually asks the browser to make a new, second request to that new URL.

Redirect Process:

  • Request from browser to server
  • Server responds with status code "302 Found" and a new URL
  • Browser sends a new request to the new URL
  • Server returns data from new URL

This "double-request" happens very fast, much faster than loading a typical web page. The effect feels like the second page was returned by the server as a response to the first request.


Redirects in PHP

In PHP, a page redirect is done by setting a location value in the response header and returning nothing else but that header data. Use exit to stop any remaining PHP code from executing.

<?php
  header("Location: index.php");
  exit;
?>

PHP will automatically set the correct status code ("302 Found") when the location is set in the header.

It can be helpful to put this redirect code into a function which is more easily remembered.

<?php
  function redirect_to($page) {
    header("Location: {$page}");
    exit;
  }
  
  if($logged_in != true) {
    redirect_to('index.php');
  }
?>

Output buffering

The process of redirecting a request, as described above, requires sending only a response header back to the browser. A response header is sent to the browser before any data. The header precedes the data and describes the content being sent. Any changes to the header must take place before outputting any data—not even a single character of whitespace (spaces, tabs, line returns). Once any data is sent, headers are sent and cannot be changed.

This has an important implication for writing PHP code. PHP can not allow redirecting if any data has been sent previously. Instead of redirecting, it will return a fatal error.

PHP has a feature called output buffering which is configured in the php.ini file. (It can also be turned on manually using ob_start().) It is a good idea to keep it turned for all development.

When output buffering is turned off, response data is sent immediately. When it is turned on, output buffering accumulates data in memory before sending it as a response.

Output buffering will hold the headers and data until:

  • The buffer has as much content as its configured size allows.
  • The buffer is explicitly instructed to send all accumulated data.
  • All code execution completes.

Output buffering is how we would like PHP to work—assemble a response piece by piece, send it when done. When it is turned on, web developers no longer have to worry about accidentally outputting whitespace before attempting to redirect a request. The response is held in memory providing an opportunity to edit the header.


Configuring output buffering

To turn output buffering on, open the php.ini file. Look for the setting labeled "output_buffering". Set the value to "4096", save the changes, and restart the web server.

"4096" allows the buffer to hold a little under 4000 characters before it will be full and needs to send headers and data. It is a good standard value but can be set higher if needed.

Fork me on GitHub