tags:

views:

159

answers:

2
+1  Q: 

When I export files with php/html my session data resets

I have a web-based system built with user login data based on session variables.

Sometimes when a user is logged in and tries to export tables to csv or xls the session data seems to wipe and the user is 'kicked out' of the system.

This is the header code I'm using to serve the file.

    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Content-Type: application/force-download");
    header("Content-Type: application/octet-stream");
    header("Content-Type: application/download");
    header("Content-Disposition: attachment;filename=file.xls");
    header("Content-Transfer-Encoding: binary ");

If it helps it seems to be more prevalent on ie6. I was wondering if anyone has had similar issues.

This is the latest header I've tried. Still no luck. Also tested the exact same procedure in FF/Opera/Safari and they're fine.

header('Cache-Control: no-store, private, no-cache, must-revalidate');     // HTTP/1.1
 header('Cache-Control: pre-check=0, post-check=0, max-age=0, max-stale = 0', false);  // HTTP/1.1
 header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');                  // Date in the past  
 header('Expires: 0', false); 
 header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
 header('Pragma: no-cache');
 header("Content-Type: application/vnd.ms-excel");
 header("Content-Disposition: attachment;filename=$fileName");
            header("Content-Transfer-Encoding: binary ");
+3  A: 

The Pragma: public header is completely inappropriate for logged-in users and isn't going to help anything.

I'm also a bit baffled as to why you're using so many Content-Type headers. Choose one and one only.

Finally, those are the headers you're explicitly setting... You don't have any calls to session_destroy or setcookie floating around do you?

searlea  2009-09-03 14:55:30
Thanks for the response, no their definitely no calls to destroy the session, I'll give your suggestions a shot and see how it goes.
Shane  2009-09-03 14:59:57
If the issue lies with serving publicly-cached pages to logged-in users, you may want to check-out answers on this other thread: http://stackoverflow.com/questions/49547/making-sure-a-webpage-is-not-cached-across-all-browsers
searlea  2009-09-03 15:26:22
Hmm that definitely doesn't work. Even when I remove most of the headers, we definitely don't have session_destory or setcookie being called. Is there any other calls the system could make to cause such issues? To elaborate if I open ie6, log in and press Export to Xls I'm kicked out. I re-login again and press export to Xls, the file is served perfectly fine.
Shane  2009-09-03 15:49:40
What do you mean by 'kicked out?' As you're using `Content-Disposition: attachment` the browser shouldn't even be refreshing the page - so could it be your next action that's logging you out, not the download action?
searlea  2009-09-03 16:15:52
By kicking out I mean all SESSION data is wiped and the user is forwarded to the front-page. I agree that because it's Content-Disposition: attachment the browser shouldn't refresh, but basically what occurs is:1) Display headers2) Generate a long string that stores the XLS3) Pack it using this return pack("ss", 0x0A, 0x00); 4) echo the xls out. More often that not this sequence works fine, I haven't noticed it at all in firefox but everytime I call it in ie6(the first time anyway) the users SESSION is wiped.
Shane  2009-09-03 16:33:24
Which `Content-Type` did you go with in the end, and did you ever consider `application/vnd.ms-excel` since that's what you're supposedly generating? (Fixing/choosing the right Content-Type might be enough to make IE behave...)
searlea  2009-09-03 16:45:36
Sorry never saw your last comment(until I realised you needed to press another button), will give this a shot now. Thanks!
Shane  2009-09-04 12:59:36
Newest header is up on the main post.
Shane  2009-09-04 13:32:26
If you want more eye-balls to help you, you might want to clarify the main question with the following info: 1. Does the problem occur in all browsers? 2. Have you seen the problem yourself. 3. What exactly happens - XLS is downloaded and opens in Excel, and in the meantime your browser redirects to another URL? What URL? What's the PHP behind this other URL? What do your Apache / IIS logs tell you is being requested? etc etc.
searlea  2009-09-04 14:24:44
1. Nope problem is ie6 specific2. I have, it's repeatable in that when on ie6 after it starts-up it will definitely unset all session data.3. On firefox/safari/non-crap browsers it stays on the same page and the file is served out as expected(no refreshes etc), on ie6 the file isn't served out, the page refreshes and the as it refreshes the SESSION data is unset and as a result the user will be forwarded to the login page.The url is a fairly long list of arguments that is passed to an export to XLS function, that takes in GET vars executes a query and the results are stored in an xls file.
Shane  2009-09-04 15:41:03
Here's the log file request being outputted. - - [04/Sep/2009:16:38:57 +0100] "GET /articles/exportToXls?hl=en MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
Shane  2009-09-04 15:43:31
Do you know the generated `.xls` file-size so you can set a `Content-Length` header? Try that.. then try other threads: http://forums.thedailywtf.com/forums/t/5134.aspx and http://stackoverflow.com/questions/49284/file-downloads-in-ie6
searlea  2009-09-04 16:17:13
Well it's variable but we have done basically the same thing with CSV and the same problem occurs, but with a generated file-length included, but I will try everything you've suggested and those links you've sent. After that I'll try xdebug and step through the code, but sinces it's IE specific, I'm not sure I'll find anything. Anyway, many thanks for all the help!
Shane  2009-09-04 21:16:55
A: 

swimming about 20 lengths of the pool. 102 lengths. Or 51 laps. In the pool. New record. Take that

rabwqxwn  2009-11-09 14:31:31

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?