Well you are partly right Chris. But the client automatically sends the cookie with the HTTP request. IE your request for a cookie doesn't send a separate request header to the client.
You might want to check to see if you are accidentally outputting something else after you call session_start() (or before). I did something similar to what you are describing. I have the user log on, the php creates a file and prompts them to download. On the download page I check the session before I output anything and it works fine for me. Can you paste a bit of the non-functioning source code so that we can see the problem more clearly? ed -----Original Message----- From: Chris Boget [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 9:52 AM To: PHP General Subject: [PHP] Sessions and headers When using PHP sessions, if the user's browser supports cookies, PHP sets the session id as a cookie (so far as I understand it). So when trying to use the session ID in a script, a cookie request is sent to the browser to get the ID and assigns it to the internal variable $PHPSESSID (again, so far as I understand it). My problem is this and I'm hoping someone has come up with a workaround... When I try to use the Header() function call (which I do alot to set the content type such as PDF, doc, xl, etc), I'm getting errors opening up the file due to previous headers already having been sent - namely, the header call to get the cookie value. This problem prevents me from using sessions in scripts I write to output and open up Word, Acrobat, Excel, etc. and I am finding that to be an increasing problem as it requires that I come up with a different way to access the session data and open the script up to vulnerabilities. I've tried using ob_start() and ob_end_clean() before and after the session calls hoping that it might somehow solve my problem but it doesn't. Has anyone else come up against this problem? Have you found a workaround other than come up with a different way to do the same thing as code you already have and use to access session data? thnx, Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
