I have a page that I would like to be accessed only in an iframe.
I wish I could use the common javascript.
<script type="text/javascript">
if(top==self) {
top.location.href = "../index.php";
}
</script>

This works fine to redirect if the page if accessed outside the iframe.
But inside the frame I get.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/MiniManager/header.php:7) in /var/www/MiniManager/header.php on line 17
I can see the page after this after this.. but the login functions do not work for the page.

Without the script it loads and function fine in the iframe. Logins and all.

Is there a way to do this in php and not javascript?

Like a...
if (header(Location: blahblahURLhere)) make this the top location

Is this possible?

Another possible solution...
is there a way in .htaccess or chmod.. that would prevent access to the MiniManager directory completely, unless accessed via the iframe?

To answer both of your questions in a single word: No.

PHP is a server-side language. It doesn't know what a 'frame' is, let alone how to make sure the user is using one (which is a good thing, IMO... frames have been dead for a while ).

Tank_Girl wrote:

But inside the frame I get.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/MiniManager/header.php:7) in /var/www/MiniManager/header.php on line 17

Sounds like you just need to re-work the coding logic in header.php so that the output isn't sent until after you send the appropriate headers.

The reason for you getting the session errors is most likely because you have your Javascript code before your session_start() call in PHP. Make sure you have the session_start() call before any other output is sent to the browser. That means no tags (even the non-visible ones), no text and not even a single space.

The reason is that sessions send the session id to the browser as part of the header response to a page request. When output is sent to the browsers, PHP automatically sends down default headers. Only one set of headers can be sent down at a time, so you get the error.

Ashley you are brilliant!
I don't know why that never even occurred to me.. too close to the issue.
but when you said place it AFTER the session_start, the light went off! lol
Thank you!

<?php

$time_start = microtime(true);

// resuming login session if available, or start new one

if (ini_get('session.auto_start'));

else session_start();

//-----------------------Force Frame---------------------
echo "<script type='text/javascript'>
if (self.location == top.location &&
location.search.substring(1) != 'nf')
top.location.href = '../index.php';
</script>";

Works perfectly now. I cannot thank you enough.
I hope this will help someone else stuck in the same situation.