session_start and IE

Anon

I am protecting all the images with a script the requires auth to be set.

the crappy thing is, when I call session_start(), IE craps out and doesn't get the header info. The result is it thinks the image is an html document, not a jpeg. So when you right click on the image, IE tries to save it as a bitmap.

here is the script:

<?
ini_set(default_mimetype,"image/jpeg");

session_name("ThisSession");
session_start();

$path = "/images/foo.jpg";
if ($auth->auth["uid"]) {
header("Content-type: image/jpeg");
header("Content-length: ". filesize($path));

    header("Content-Transfer-Encoding: binary");

    readfile($path);

}

Anon

sorry, this wasn't as clear as it could be.

From what I can tell, when I call session_start(), it updates the cookie by sending out header information.

What I need to do is get the values from $HTTP_SESSION_VARS without calling session_start(), or rather without session_start() sending out any header information.

is this possible?

kimgokce

Galois:

I had to disable the session.use_trans_sid parameter in PHP config for a similar script to work at all for me when handling Brio report files.

Still, I continue to have trouble using php4 session_start(). I have a script that reads files of various types, detects the file type by ext, then sends appropriate mime-type and other headers to the browser prior to delivering the file.

The file delivery script works perfectly as long as I do not call session_start() before the following:

$result = readfile($path."\x5c".$match);

When I attempt to secure the script with a similar scheme as yours (depends on reading session variables), the delivery fails for one file type in both IE and Navigator. The helper app (brio) is not seeing the headers that make it happy.

I am still looking for a solution and/or a workaround. This may be a case for storing session data in a db. I'll post any progress I make and appreciate the same from you or others sympathetic to my inexperience!

Anon

glad to see i am not the only one. I was going insane trying to figure this out. we should scour the php bug list and mails lists for anything about this.

Anon

Hi, really no solution for this? I am getting mad also !!!!!!!!!! @_@

Anon

put this line at the start of your code

session_cache_limiter("private");

should take care of it.

Anon

Un gran merci Galois, that did the trick. I appreciate your taking the time to post your resolution!