PHP Redirect


Elijah
09-06-2004, 04:20 AM
I have a page in PHP that has some protection against hijacking a page (editing the browser address to go to another page). It compares some variables during the session & if there's an illegal entry, it redirects the user back to the home page.

I tried using 'header' for redirecting but it gives me this error:

Warning: Cannot add header information - headers already sent by....

Next I tried JavaScript:
document.location.href='mainpage.php'

It works but... for half a second before redirecting, the user can get a glimpse of the page, and that's not supposed to happen :( I noticed that this security issue can be seen in Konqueror but not in Firefox. In Firefox the redirection is done without showing anything.

Any suggestions on what other redirect codes I could use??

canon006
09-06-2004, 05:22 AM
You can use the php header function to redirect, you just need to make sure you do so before writing anything to the page.

On my first big PHP project I spent days trying to figure out why the redirect failed. In the end the fix was to just move the redirection test and redirector up so that it ran before anything was output. That doesn't mean it has to run before any kind of statement, it just means it has to run before any statements that would output anything.

Hope that helps.

blingbling!!
09-06-2004, 07:12 AM
Be aware that Windows line breaks can cause problems on a Linux server.

Let's say you have an include script, include.inc, with '<?php' as the very first characters in the script, and '?>' as the last characters - BUT there is a Windows line break after the '?>'. If you include this file in your PHP page, then PHP will send out the Windows line break to the browser as if it was in-line HTML - and you would not be able to send out any headers (in code, after the include) cos they would have gone automagically with the Windows line break.

hth
--Robin

Elijah
09-07-2004, 12:38 AM
The redirect didn't really fail, it just allowed a few seconds to go through some parts of the script, but that's just what I think happened. Users can press the stop button and take a peek, unauthorized.

edit: there aren't any line breaks either, I do all my editing in vi.
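
The approach discussed in this thread, as an added example that is not code from any of the posters: the session check runs before any output, the redirect is sent with `header()`, and the script stops immediately so no protected markup reaches the browser. The session keys `user_id` and `allowed_pages` and the two helper functions are hypothetical; `mainpage.php` is the target named in the first post.

```php
<?php
// Added example, not code from the thread. Nothing may precede the opening
// tag above (no blank line, no BOM), or the headers have already been sent.

// Assumption: after login the application stores the user's id and the list
// of pages that user may open in $_SESSION['user_id'] / ['allowed_pages'].
session_start();

/**
 * Redirect to $target and stop the script so no protected markup is sent.
 */
function redirect_and_stop(string $target): void
{
    // headers_sent() reports the file and line where output began, which
    // locates a stray line break after "?>" in an include.
    if (headers_sent($file, $line)) {
        error_log("Cannot redirect: output started at $file:$line");
        exit; // fail closed: send nothing further instead of the page
    }
    header('Location: ' . $target, true, 302);
    exit; // header() does not end the script; without exit the page is still sent
}

/**
 * True only when the session belongs to a logged-in user who may open $page.
 */
function is_request_allowed(array $session, string $page): bool
{
    return isset($session['user_id'], $session['allowed_pages'])
        && is_array($session['allowed_pages'])
        && in_array($page, $session['allowed_pages'], true);
}

$page = basename($_SERVER['SCRIPT_NAME']);
if (!is_request_allowed($_SESSION, $page)) {
    redirect_and_stop('mainpage.php');
}

// Only an authorised session reaches this point; output starts here.
echo '<h1>Protected page</h1>';
```

Include files that contain only PHP can omit the closing `?>`, so a line break after it can never be sent as output ahead of the headers.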