Re: [phplib] error with $sess->delete() From: Holger Blasum (blasum <email protected>)
Date: 11/25/00

Hi Ken,

> Why I got the following error when using $sess->delete() to remove all the
> session variables.
>
> Warning: Cannot add header information - headers already sent by (output
> started at

This not especially related to sess->delete(). It simply means that
one of the previously included scripts has already sent the HTTP headers.
This usually happens when any of the files you modified does include
any (typically) trailing or leading whitespace (it is a feature of PHP
that once any text that is not <? ?> or otherwise escaped has been
included HTTP headers are sent automatically).

In your case the offence is even more obvious:
you have called
$sess->delete() which will try to send a cookie header (cf session.inc's
put_id()) *after* having sent some text, ie:

> <html>
> This is a protected page.
> <p>
> <a href="protect1.php">protect1</a>
> </html>

Simply moving $sess->delete() before you have sent any text or whitespace
may help.
However, AFAIK the usage of $sess->delete() ("Delete the current session
record and put the session id.") in this place is not very common anyway,
because you are supposed to handle validation in
your extend auth class's auth_validatelogin()
like eg:

function auth_validatelogin() {
global $username, $password, $db;
$db->query ("SELECT uid from auth_user WHERE uid = '"
                  . $username . "' AND password = password(\"$password\")");
$db->next_record();
      if (!$db->num_rows())
        {
          tm ("Invalid password");
          $username = "nobody";
        }
return $username;
}

HTH, Holger
pls support http://petition.eurolinux.org against software patentability !

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>