I have a page in php that has some protection for hijacking a page(editing the browser URL address to go to another page), it compares some variables during the session & if there's an illegal entry, it redirects the user back to the home page.

I tried using 'header' for redirecting but it gives me this error:


Next I tried is javascript :
document.location.href='mainpage.php'

It works but .. for half a second before redirecting, the user can get a glimpse of the page, that's not supposed to happen. I noticed that this security issue can be noticed in konqueror but not in firefox browsers. In firefox the redirection is done without continuing to load the page.

Any suggestions on what other redirect codes I could use?? or probably some way to quickly stop the page from loading before redirecting?

This should do it:
...but you already tried and got a "headers already sent" warning.
This is because it deals with http headers, not html headers. HTTP header need to be sent before any "normal" output.

So to solve it, either put the header() call before any echo-ing or html and it will work. You could also make PHP buffer its output, so the web-server will not start sending anything until the PHP-script is finished.

Search for "buffer" at http://php.net/header for more information on this.

ob_start(); worked, I also added in

echo "<!--";

after the redirection code for good measure Thanks!