Use ob_start() at the top of script. (Before calling session_start()) It will do what you want. You may want to flush output buffer. Refer to output buffering functions for details. Regards, -- Yasuo Ohgaki <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > > please correct me if I'm wrong, but it seems that in PHP 4, after calling > session_start(), you are stuck with serving an HTML page. > > What if you want to call session_start(), but you want to send headers > after the session has started? for example, I'd like to deliver a > downloadable file, but before I deliver that file, I'd like to check the > user's session and make sure that the user is logged in and that the user > has proper authorization to access the file. > > I've got a workaround for this problem (see below). However, I would prefer > to handle the problem with the built-in session handling functions. Does > anyone know if this can be done? > Thanks > -Matt > <?php > /**** > this page serves a request to download a file. The file should > not be served unless the user has authorization to view this file. To > check that authorization, the user must be logged in > ****/ > function my_session_start() { > // decode session data, if any > if($GLOBALS["PHPSESSID"]) { > $fname = "/tmp/sess_".$GLOBALS["PHPSESSID"]; // file path hardcoded > for this example > $fcontents = @file($fname); > if($fcontents) { > $fcontents = implode("", $fcontents); > include("User.phpc"); // defines the User object stored in the session > session_decode ($fcontents); > } > } > } > /**** start processing the page > get session data, and still allow content type headers to be sent. > why doesn't the built-in session_start() allow this? > ****/ > my_session_start(); > $s_user = &$HTTP_SESSION_VARS["s_user"]; > if(!$s_user) { > $err = "user not logged in"; > } else { > // pseudo code from here on > if(!$s_user->has_authorization_to_download_requested_file()) { > $err = "user not logged in, or has no authorization to download this > file"; > } else { > header("content-type: ".requested_file_mime_type()); > output_requested_file_data(); > } > } > } > if($err) echo "Error: $err"; > ?> > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
