
PHP possible header redirection exploit?

Developer https://www.devze.com 2023-02-14 11:49 Source: Internet

I was thinking the other day, if someone is protecting their pages like this:

    if(!$logged_in)
    {
        header("Location:http://mysite/login.php");
    }

    // protected content here

Is there any way to ignore the HTTP header redirect at the browser level and then display the protected content that follows it?


Yes, because using the header() function merely sets a header. The server will continue running the rest of the PHP script, rendering the protected content.

You'll want to do this instead:

    if(!$logged_in)
    {
        header("Location:http://mysite/login.php");
        exit(); // stop the script here so nothing after the redirect is sent
    }


Yes.

Any headers can be ignored.

You should kill the page with exit() right after you redirect the user.


Not sure, but the advised procedure is to follow the header with the line:

    if(!$logged_in)
    {
        header("Location:http://mysite/login.php");
        exit();
    }


Well, if you output data and your users ignore the header redirect (non-standard browser) - yes.
