Re: [PHP] session vs. header

2002-11-06 Thread huge junk mail 

I think I have to re-explain the problem completely. I want to use this script in a 
login form. Once, someone is authenticated, then I register variables for indentifying 
him/her through session. After I register those variables I want to redirect him/her 
to a page, which required authenticated users (and it's done by registering variables 
through session). Due to this, I decide to use header: location. Futhermore, I use IE 
5.5, Apache 1.3.26, PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is 
the script (register globals is off, due to security and default setting in php.ini).

?php
$user = $_POST['user'];
$user = $_POST['password'];
if (authenticate($user))
{
  session_start();
  $_SESSION['user'] = $user;
  $_SESSION['password'] = $password;
  header('Location: http://www.mysite.com/member.php');
  exit();
}
else
{
  header('Location: http://www.mysite.com/login.php');
  exit();
}
?

When I try this code with an authenticated user, it seemed browser don't redirect to 
the page I specify above. The progress bar looked like searching something then it led 
to an error. I don't know why this could happen.

Am I missing something?

Thank you.

 huge junk mail [EMAIL PROTECTED] wrote:Can someone tell me why I can't have

$_SESSION['foo'] = 'content of foo';

following by

header('Location: http://www.mysite.com');

Someone from www.php.net told me that it can confuse
browser (http://bugs.php.net/19991). But, still I
can't the idea why it can happen. Does register
session means sending a 'header: location' too?

Thanks.

=
Regards,

mahara

__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Regards,

mahara


-
Do you Yahoo!?
HotJobs - Search new jobs daily now

Re: [PHP] session vs. header

2002-11-06 Thread dwalker 
What I've done :
1. Allow the user to login
2. Use the login.php page as its own 'form action'
3. Let the login form decide when to redirect the user to the 'destination'
page.
4. force the destination page (welcome.php) to do additional authentication
checking by comparing the users input to some other piece of information
(session variable, cookie, database info, etc...)

Pseudo code for login page

? php
if $user_input = something ||  $more_user_info=somethingelse {
header ('Location: http://www.mysite.com/welcome.php');
}
?

HTML
what ever the login page looks like
/html

Pseudo code for welcome.php:

? php
if $user_input != something ||  $more_user_info!=somethingelse {
header ('Location: http://www.mysite.com/login.php');
}
?

HTML
what ever the welcome page looks like
/html







-Original Message-
From: huge junk mail [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Wednesday, November 06, 2002 9:03 AM
Subject: Re: [PHP] session vs. header



I think I have to re-explain the problem completely. I want to use this
script in a login form. Once, someone is authenticated, then I register
variables for indentifying him/her through session. After I register those
variables I want to redirect him/her to a page, which required authenticated
users (and it's done by registering variables through session). Due to this,
I decide to use header: location. Futhermore, I use IE 5.5, Apache 1.3.26,
PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is the script
(register globals is off, due to security and default setting in php.ini).

?php
$user = $_POST['user'];
$user = $_POST['password'];
if (authenticate($user))
{
  session_start();
  $_SESSION['user'] = $user;
  $_SESSION['password'] = $password;
  header('Location: http://www.mysite.com/member.php');
  exit();
}
else
{
  header('Location: http://www.mysite.com/login.php');
  exit();
}
?

When I try this code with an authenticated user, it seemed browser don't
redirect to the page I specify above. The progress bar looked like searching
something then it led to an error. I don't know why this could happen.

Am I missing something?

Thank you.

 huge junk mail [EMAIL PROTECTED] wrote:Can someone tell me why I
can't have

$_SESSION['foo'] = 'content of foo';

following by

header('Location: http://www.mysite.com');

Someone from www.php.net told me that it can confuse
browser (http://bugs.php.net/19991). But, still I
can't the idea why it can happen. Does register
session means sending a 'header: location' too?

Thanks.

=
Regards,

mahara

__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Regards,

mahara


-
Do you Yahoo!?
HotJobs - Search new jobs daily now


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session vs. header

2002-11-06 Thread dwalker 
I believe the php code gets executed before html code is processed.


-Original Message-
From: dwalker [EMAIL PROTECTED]
To: huge junk mail [EMAIL PROTECTED]; [EMAIL PROTECTED]
[EMAIL PROTECTED]
Date: Wednesday, November 06, 2002 10:44 AM
Subject: Re: [PHP] session vs. header


What I've done :
1. Allow the user to login
2. Use the login.php page as its own 'form action'
3. Let the login form decide when to redirect the user to the 'destination'
page.
4. force the destination page (welcome.php) to do additional authentication
checking by comparing the users input to some other piece of information
(session variable, cookie, database info, etc...)

Pseudo code for login page

? php
if $user_input = something ||  $more_user_info=somethingelse {
header ('Location: http://www.mysite.com/welcome.php');
}
?

HTML
what ever the login page looks like
/html

Pseudo code for welcome.php:

? php
if $user_input != something ||  $more_user_info!=somethingelse {
header ('Location: http://www.mysite.com/login.php');
}
?

HTML
what ever the welcome page looks like
/html







-Original Message-
From: huge junk mail [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: Wednesday, November 06, 2002 9:03 AM
Subject: Re: [PHP] session vs. header



I think I have to re-explain the problem completely. I want to use this
script in a login form. Once, someone is authenticated, then I register
variables for indentifying him/her through session. After I register those
variables I want to redirect him/her to a page, which required
authenticated
users (and it's done by registering variables through session). Due to
this,
I decide to use header: location. Futhermore, I use IE 5.5, Apache 1.3.26,
PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is the script
(register globals is off, due to security and default setting in php.ini).

?php
$user = $_POST['user'];
$user = $_POST['password'];
if (authenticate($user))
{
  session_start();
  $_SESSION['user'] = $user;
  $_SESSION['password'] = $password;
  header('Location: http://www.mysite.com/member.php');
  exit();
}
else
{
  header('Location: http://www.mysite.com/login.php');
  exit();
}
?

When I try this code with an authenticated user, it seemed browser don't
redirect to the page I specify above. The progress bar looked like
searching
something then it led to an error. I don't know why this could happen.

Am I missing something?

Thank you.

 huge junk mail [EMAIL PROTECTED] wrote:Can someone tell me why I
can't have

$_SESSION['foo'] = 'content of foo';

following by

header('Location: http://www.mysite.com');

Someone from www.php.net told me that it can confuse
browser (http://bugs.php.net/19991). But, still I
can't the idea why it can happen. Does register
session means sending a 'header: location' too?

Thanks.

=
Regards,

mahara

__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Regards,

mahara


-
Do you Yahoo!?
HotJobs - Search new jobs daily now




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session vs. header

2002-11-06 Thread Chris Shiflett 
huge junk mail wrote:


Can someone tell me why I can't have

$_SESSION['foo'] = 'content of foo';

following by

header('Location: http://www.mysite.com');

Someone from www.php.net told me that it can confuse
browser (http://bugs.php.net/19991). But, still I
can't the idea why it can happen. Does register
session means sending a 'header: location' too?



You can, and you should not get any errors from PHP. The reason someone 
suggested that this can confuse the browser is as follows:

1. When you initiate a session, PHP tells Apache to send a Set-Cookie 
header (assuming you are using the default session settings).
2. When you manually set a Location header, the HTTP response status 
code changes from 200 OK to 302 Moved Temporarily.

So, at least in the past, some Web browsers would ignore Set-Cookie 
headers that are sent in a response that basically says, Hey, that 
thing you are looking for is over here now. Also, in some scripting 
languages (I believe in PHP as well, but I am not positive), the 
Set-Cookie headers would not even be included when you changed the 
status code like this, so it didn't matter what the browser thought.

I have found that this problem appears to be fading fast, and I have 
recently used this combination without any user complaints (yet).  :-)

What problem are you experiencing?

Chris


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] session vs. header

2002-10-30 Thread huge junk mail 
Can someone tell me why I can't have

$_SESSION['foo'] = 'content of foo';

following by

header('Location: http://www.mysite.com');

Someone from www.php.net told me that it can confuse
browser (http://bugs.php.net/19991). But, still I
can't the idea why it can happen. Does register
session means sending a 'header: location' too?

Thanks.

=
Regards,

mahara

__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session vs. header

2002-10-30 Thread 1LT John W. Holmes 
 Can someone tell me why I can't have

 $_SESSION['foo'] = 'content of foo';

 following by

 header('Location: http://www.mysite.com');

 Someone from www.php.net told me that it can confuse
 browser (http://bugs.php.net/19991). But, still I
 can't the idea why it can happen. Does register
 session means sending a 'header: location' too?

What is your exact code? I do this all the time and don't have any trouble
with it.

---John Holmes...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] session vs. header

2002-10-30 Thread Jonathan Sharp 
huge junk mail wrote:
 Can someone tell me why I can't have
 
 $_SESSION['foo'] = 'content of foo';
 
 following by
 
 header('Location: http://www.mysite.com');
 
 Someone from www.php.net told me that it can confuse
 browser (http://bugs.php.net/19991). But, still I
 can't the idea why it can happen. Does register
 session means sending a 'header: location' too?

no, sessions never send location headers, they may send cookies but not
location.

-js


 
 Thanks.
 
 =
 Regards,
 
 mahara
 
 __
 Do you Yahoo!?
 Y! Web Hosting - Let the expert host your web site
 http://webhosting.yahoo.com/
 




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php