Session and Excel

Hi to all,
When i export my reports to excel i can't start session. Because session_start send to browser some information so excel output don't work. In this case i can't check security information.
What's your opinion? What can i do for security check or can i start session with excel header. Is there any way?

Thanks to all.
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");

Open in new window

erenpasaAsked:
Who is Participating?
 
hernst42Connect With a Mentor Commented:
Those things work. We use such things on a regular base in our application. make sure to exit after you send the Location header. I would suggetst the following code.

Or do you open the xls file via Excel (macro) and not via Browser?
Are you using SSL?


<?php
 
//If i start session in here so headers for excel don't work.
session_start();
if (!isset($_SESSION["userID"])){
    header("HTTP/1.0 404 Not found");
    header("Content-type: text/plain");
    die(1);
}
 
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");   

Open in new window

0
 
hernst42Commented:
Why you still can check the security information. If the security information do not match just issue a 404 error vi header


<?php 
if (!isValidUser()) {
    header("HTTP/1.0 404 Not found");
    header("Content-type: text/plain");
    die(1);
}
 
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");

Open in new window

0
 
Loganathan NatarajanLAMP DeveloperCommented:
better I would suggest check the link before it is available to the user..

. otherwise some it would be risk to check on the export page.,
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
erenpasaAuthor Commented:
Hi logudotcom,
Could you explain some more?
0
 
Loganathan NatarajanLAMP DeveloperCommented:
In this case i can't check security information.

>> can you tell me bit here???

you want to restrict the  user to access the report of this page?
0
 
erenpasaAuthor Commented:
For example a user login to system and i have all information of users in session. But when i output to excel i can't start session so for this reason i can't check user security validation.
//If i start session in here so headers for excel don't work.
session_start();
if (!isset($_SESSION["userID"])){
   header("location:login.php");
}
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");	

Open in new window

0
 
erenpasaAuthor Commented:
Hi Hernest,
I've developing full ajax software. I couldn't see a important point.After your warning i've checked it again and i've change some codes. The code run properly at the moment with session.

Thanks alot.
0
All Courses

From novice to tech pro — start learning today.