Server-Side Redirect in PHP

[skunk1311]

I have a Java application that I need to integrate our existing PHP website with. The vendor wants us to do a server-side redirect to allow for secure authentication and single-sign-on, but I'm not sure how to do that in PHP. The vendor explained the workflow as follows:[*]User clicks on a 'Open Application' link on our PHP site[*]The PHP application hits a page on the Java application, sending the authentication parameters[*]If successful, the PHP application sends the headers back to the user's browser, which forces a 'redirect', otherwise the PHP app displays an errorWhat this will allow would be for our PHP app to securely talk to the Java app, and the client never has to send any sort of authentication.From what I understand, .NET and Java have this capability built in, but I can't find a way in PHP to do this. Any ideas? UPDATEI'm not talking about using the header("Location: ..."); function to do a redirect. The kicker with this server-side redirect is that the app does the authentication and sends all that information back to the client so that the client is then logged in. Using header("Location: ...") just forces the browser to go elsewhere.UPDATE 2autologin.php (Simulates the user logging into an external app via curl)\[code\]// The login 'form' is at login.php$ch = curl_init('http://domain.local/login.php');// We are posting 2 variables, and returning the transfer just so it doesn't dump out// Headers are processed by the callback function processHeaders()curl_setopt($ch, CURLOPT_HEADER, false);curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'processHeaders');curl_setopt($ch, CURLOPT_POST, true);curl_setopt($ch, CURLOPT_POSTFIELDS, 'username=user&password=pass');curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);// Execute curl, close the connection, and redirect the user to a 'restricted' page$response = curl_exec($ch);curl_close($ch);header("Location: http://domain.local/restricted.php");function processHeaders($ch, $header) { // Dump the response headers to the client header($header); strlen($header);}\[/code\]login.php (Contains the 'login' form)\[code\]session_start();if($_POST) { if($_POST['username'] == 'user' && $_POST['password'] == 'pass') { $_SESSION['auth'] = 1; $_SESSION['token'] = md5(time()); } else { echo 'Auth failed'; }} else { echo 'Invalid access type';}\[/code\]restricted.php (Restricted page)\[code\]session_start();if($_SESSION['auth']) { echo 'Secret Token: '.$_SESSION['token'];} else { echo 'Please log in';}\[/code\]The idea is that the user wants to ultimately get to 'restricted.php'. 'login.php' contains the code necessary to log in. What I want to simulate is the user filling out the form on 'login.php' and logging the user into 'restricted.php'. The above snippets of code work together on my local tests (hitting autologin.php redirects to restricted.php and the secret token is printed out), but I can't seem to get it to work cross-application. The apps will be on the same domain (https://domain.com/myapp, https://domain.com:1234/vendorapp).I've never done this before in any language, I'm just going off of what my vendor has told me they've done. Apparently they've never dealt with PHP before and have no idea what to do.