We help IT Professionals succeed at work.

Session and Excel

erenpasa
erenpasa asked
on
Hi to all,
When i export my reports to excel i can't start session. Because session_start send to browser some information so excel output don't work. In this case i can't check security information.
What's your opinion? What can i do for security check or can i start session with excel header. Is there any way?

Thanks to all.
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");

Open in new window

Comment
Watch Question

Top Expert 2007

Commented:
Why you still can check the security information. If the security information do not match just issue a 404 error vi header


<?php 
if (!isValidUser()) {
    header("HTTP/1.0 404 Not found");
    header("Content-type: text/plain");
    die(1);
}
 
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");

Open in new window

Loganathan NatarajanLAMP Developer
CERTIFIED EXPERT

Commented:
better I would suggest check the link before it is available to the user..

. otherwise some it would be risk to check on the export page.,

Author

Commented:
Hi logudotcom,
Could you explain some more?
Loganathan NatarajanLAMP Developer
CERTIFIED EXPERT

Commented:
In this case i can't check security information.

>> can you tell me bit here???

you want to restrict the  user to access the report of this page?

Author

Commented:
For example a user login to system and i have all information of users in session. But when i output to excel i can't start session so for this reason i can't check user security validation.
//If i start session in here so headers for excel don't work.
session_start();
if (!isset($_SESSION["userID"])){
   header("location:login.php");
}
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");	

Open in new window

Top Expert 2007
Commented:
Those things work. We use such things on a regular base in our application. make sure to exit after you send the Location header. I would suggetst the following code.

Or do you open the xls file via Excel (macro) and not via Browser?
Are you using SSL?


<?php
 
//If i start session in here so headers for excel don't work.
session_start();
if (!isset($_SESSION["userID"])){
    header("HTTP/1.0 404 Not found");
    header("Content-type: text/plain");
    die(1);
}
 
header("Content-Type: application/xls; charset=UTF-8");
header("Content-Disposition: attachment; filename=report.xls");
header("Pragma: no-cache");
header("Expires: 0");   

Open in new window

Author

Commented:
Hi Hernest,
I've developing full ajax software. I couldn't see a important point.After your warning i've checked it again and i've change some codes. The code run properly at the moment with session.

Thanks alot.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.