I am currently working on a download script, where I use a session variable to make sure that the downloaded file cannot be linked directly.
However, this protection is not mandatory, so that a download can also be created, which can be initiated via a direct link.
So, I'm using the following for the file download:
ob_start();
$filename = $sql_result[0];
$type = $sql_result[1];
$path = $sql_result[2];
header("Content-Type: $type");
header("Content-Disposition: attachment; filename=$filename");
readfile($path);
ob_end_flush();
...which is working just fine as a standalone, but as soon as I add
session_start();
before the ob_start() call, then the download is no longer working properly.
The following happens in such a case:
if the browser window was used to click through the script and initiate the download, then the file can be downloaded properly.
if a new browser window gets opened and you try to access the file download via a direct link, then you get the filename presented for download without type and path info, e.g.:
Filename: index.php?cmd=download&id=12 Type: Path:
As soon as I comment the session_start(); it's working just fine, though and the file can be downloaded properly via direct access.
Am I right to assume, that since the session_start(); is sending headers as well, the ob_start cannot work properly anymore?
And since it only happens when you're opening a new window and try to access it directly, I assume it's related to the fact, that the session gets set at the user end with a cookie and therefor causes the problem?
Would preventing session cookies and using trans_id maybe help here?
Thanks, Duncan
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
