Re: [PHP] session vs. header
I think I have to re-explain the problem completely. I want to use this script in a login form. Once, someone is authenticated, then I register variables for indentifying him/her through session. After I register those variables I want to redirect him/her to a page, which required authenticated users (and it's done by registering variables through session). Due to this, I decide to use header: location. Futhermore, I use IE 5.5, Apache 1.3.26, PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is the script (register globals is off, due to security and default setting in php.ini). ?php $user = $_POST['user']; $user = $_POST['password']; if (authenticate($user)) { session_start(); $_SESSION['user'] = $user; $_SESSION['password'] = $password; header('Location: http://www.mysite.com/member.php'); exit(); } else { header('Location: http://www.mysite.com/login.php'); exit(); } ? When I try this code with an authenticated user, it seemed browser don't redirect to the page I specify above. The progress bar looked like searching something then it led to an error. I don't know why this could happen. Am I missing something? Thank you. huge junk mail [EMAIL PROTECTED] wrote:Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? Thanks. = Regards, mahara __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Regards, mahara - Do you Yahoo!? HotJobs - Search new jobs daily now
Re: [PHP] session vs. header
What I've done : 1. Allow the user to login 2. Use the login.php page as its own 'form action' 3. Let the login form decide when to redirect the user to the 'destination' page. 4. force the destination page (welcome.php) to do additional authentication checking by comparing the users input to some other piece of information (session variable, cookie, database info, etc...) Pseudo code for login page ? php if $user_input = something || $more_user_info=somethingelse { header ('Location: http://www.mysite.com/welcome.php'); } ? HTML what ever the login page looks like /html Pseudo code for welcome.php: ? php if $user_input != something || $more_user_info!=somethingelse { header ('Location: http://www.mysite.com/login.php'); } ? HTML what ever the welcome page looks like /html -Original Message- From: huge junk mail [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, November 06, 2002 9:03 AM Subject: Re: [PHP] session vs. header I think I have to re-explain the problem completely. I want to use this script in a login form. Once, someone is authenticated, then I register variables for indentifying him/her through session. After I register those variables I want to redirect him/her to a page, which required authenticated users (and it's done by registering variables through session). Due to this, I decide to use header: location. Futhermore, I use IE 5.5, Apache 1.3.26, PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is the script (register globals is off, due to security and default setting in php.ini). ?php $user = $_POST['user']; $user = $_POST['password']; if (authenticate($user)) { session_start(); $_SESSION['user'] = $user; $_SESSION['password'] = $password; header('Location: http://www.mysite.com/member.php'); exit(); } else { header('Location: http://www.mysite.com/login.php'); exit(); } ? When I try this code with an authenticated user, it seemed browser don't redirect to the page I specify above. The progress bar looked like searching something then it led to an error. I don't know why this could happen. Am I missing something? Thank you. huge junk mail [EMAIL PROTECTED] wrote:Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? Thanks. = Regards, mahara __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Regards, mahara - Do you Yahoo!? HotJobs - Search new jobs daily now -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session vs. header
I believe the php code gets executed before html code is processed. -Original Message- From: dwalker [EMAIL PROTECTED] To: huge junk mail [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, November 06, 2002 10:44 AM Subject: Re: [PHP] session vs. header What I've done : 1. Allow the user to login 2. Use the login.php page as its own 'form action' 3. Let the login form decide when to redirect the user to the 'destination' page. 4. force the destination page (welcome.php) to do additional authentication checking by comparing the users input to some other piece of information (session variable, cookie, database info, etc...) Pseudo code for login page ? php if $user_input = something || $more_user_info=somethingelse { header ('Location: http://www.mysite.com/welcome.php'); } ? HTML what ever the login page looks like /html Pseudo code for welcome.php: ? php if $user_input != something || $more_user_info!=somethingelse { header ('Location: http://www.mysite.com/login.php'); } ? HTML what ever the welcome page looks like /html -Original Message- From: huge junk mail [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, November 06, 2002 9:03 AM Subject: Re: [PHP] session vs. header I think I have to re-explain the problem completely. I want to use this script in a login form. Once, someone is authenticated, then I register variables for indentifying him/her through session. After I register those variables I want to redirect him/her to a page, which required authenticated users (and it's done by registering variables through session). Due to this, I decide to use header: location. Futhermore, I use IE 5.5, Apache 1.3.26, PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is the script (register globals is off, due to security and default setting in php.ini). ?php $user = $_POST['user']; $user = $_POST['password']; if (authenticate($user)) { session_start(); $_SESSION['user'] = $user; $_SESSION['password'] = $password; header('Location: http://www.mysite.com/member.php'); exit(); } else { header('Location: http://www.mysite.com/login.php'); exit(); } ? When I try this code with an authenticated user, it seemed browser don't redirect to the page I specify above. The progress bar looked like searching something then it led to an error. I don't know why this could happen. Am I missing something? Thank you. huge junk mail [EMAIL PROTECTED] wrote:Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? Thanks. = Regards, mahara __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Regards, mahara - Do you Yahoo!? HotJobs - Search new jobs daily now -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session vs. header
huge junk mail wrote: Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? You can, and you should not get any errors from PHP. The reason someone suggested that this can confuse the browser is as follows: 1. When you initiate a session, PHP tells Apache to send a Set-Cookie header (assuming you are using the default session settings). 2. When you manually set a Location header, the HTTP response status code changes from 200 OK to 302 Moved Temporarily. So, at least in the past, some Web browsers would ignore Set-Cookie headers that are sent in a response that basically says, Hey, that thing you are looking for is over here now. Also, in some scripting languages (I believe in PHP as well, but I am not positive), the Set-Cookie headers would not even be included when you changed the status code like this, so it didn't matter what the browser thought. I have found that this problem appears to be fading fast, and I have recently used this combination without any user complaints (yet). :-) What problem are you experiencing? Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session vs. header
Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? Thanks. = Regards, mahara __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session vs. header
Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? What is your exact code? I do this all the time and don't have any trouble with it. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session vs. header
huge junk mail wrote: Can someone tell me why I can't have $_SESSION['foo'] = 'content of foo'; following by header('Location: http://www.mysite.com'); Someone from www.php.net told me that it can confuse browser (http://bugs.php.net/19991). But, still I can't the idea why it can happen. Does register session means sending a 'header: location' too? no, sessions never send location headers, they may send cookies but not location. -js Thanks. = Regards, mahara __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php