--- Jason Wong <[EMAIL PROTECTED]> wrote: > Use an absolute URL for header redirects.
Glad to see someone else preaching the good HTTP gospel. :-) > You're passing the session id (SID) onto script2 but not to > script3, if that's the only method by which you're propagating > the session id then script3 is not going to have a session. I think Jason hit the nail on the head with this one, but you might not understand the answer. While script3.php might seem to be within script2.php, due to the visual layout you're providing with the iframe, this is completely independent of the technical implementation, which is that each is a separate resource. If that's confusing, think of an iframe as a little embedded browser. If it fails to properly identify itself (via cookie or URL), then there is no existing session to resume. Your call to session_start() will actually create a new session every time script3.php is requested. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly HTTP Developer's Handbook - Sams Coming December 2004 http://httphandbook.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php