Will PHP Script Be Executed After Header Redirect

Will PHP script be executed after header redirect?

Yes, the script continues to process after the call to header('Location: http://google.com') if you don't explicitly terminate it! I just tried this locally. I added test.php to a site in apache with these contents:

<?php

header('Location: http://google.com');
error_log("WE MADE IT HERE SOMEHOW");

?>

And checked my /var/log/apache2/error_log for this entry:

[Tue Feb 12 23:39:23 2013] [error] [client 127.0.0.1] WE MADE IT HERE SOMEHOW

Possibly surprising, but yes, it continues to execute if you don't halt execution.

Is code after header(Location: ...) executed?

You should always die() or exit() after the redirect (or as pointed out by Mark B, use ignore_user_abort() ) because you can't otherwise know for certain what will happen.

Though some code will get executed after a header location redirect, it's important to note that not all code after it will necessarily get executed.

As per your example, yes, some_value will equal 5. But at some point the script will get prematurely terminated.

Take the following example:

session_start();
$_SESSION["some_value"] = 'original value';
header("Location: /index.php/test2");

$start_time = microtime(true);

for($i = 0; $i <= 100000; $i ++)
{
    password_hash($i);  // slow it down
    $_SESSION["some_value"] = $i;   
    $_SESSION['time'] = microtime(true) - $start_time;
}

$_SESSION['some_value'] = 'finished!';

If all the other answers were correct, you'd assume $_SESSION['some_value'] would equal 'finished!' -- but I ran the code and this is not the case.

Here are my results:

some_value: 174
time: 0.0026998519897461

Trial two:

some_value: 218
time: 0.0033109188079834

Trial three:

some_value: 218
time: 0.0035371780395508

Trial four:

some_value: 174
time: 0.0026431083679199

Trial five:

some_value: 174
time: 0.0027921199798584

If I implement ignore_user_abort(TRUE); in the above script then some_value does equal "finished!" so keep that in mind if you intend to do something critical like logging or database queries or sending emails after the redirect.

Will all code after redirect header in PHP always get executed?

Using the header function in PHP only adds to the headers of the response returned by the server. It does not immediately send any data and does not immediately terminate the connection. Any code after the header call will be executed.

In particular, it's a good idea to add a response body even after doing a 301 redirect so that clients that do not support the redirect also get some descriptive response. Infact according to the HTTP 1.1 specification Section 10.3.2 -

Unless the request method was HEAD, the entity of the response SHOULD
contain a short hypertext note with a hyperlink to the new URI(s). If
the 301 status code is received in response to a request other than
GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user, since this might
change the conditions under which the request was issued.

Why I have to call 'exit' after redirection through header('Location..') in PHP?

could the code after the header-location call be effectively executed?

Yes, always. The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.

That is easy enough to do with a command-line client like wget, for example, by simply telling it not to follow redirects.

Bottom line: If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient without any special hacking skills.

Why the code execute after redirection

You need to put an exit; after the header call; PHP does not automatically stop executing code after the client stops loading the page.

Should I use return; after a header()?

header("Location: ......"); exit; is a fairly common pattern.

php - Should I call exit() after calling Location: header?

You definitely should. Otherwise the script execution is not terminated. Setting another header alone is not enough to redirect.

How long after sending a header('Location: ...') command will the PHP script process?

No way to tell. If the starts are aligned properly, the header coud be sent to the client browser immediately and the bowser will start closing the current connection and request the new URL immediately. This'll cause the current PHP script to start shutting down.

On the other hand, if the caches are slow and the network glitchy, the client browser may not get the redirect header for seconds/minutes/hours, and the script could continue executing indefinitely.

In general you should assume that the moment you've issued a header redirect that the script is basically "walking dead" and should not do any further work.

The sole exception to this rule is that you CAN use ignore_user_abort(TRUE), which tells PHP to NOT shut down when the remote user disconnects. That'd allow you to continue on working even though the browser has shut down the connection and moved on to the new page.

---

Related Topics