Problems with sending page by mail using Internet Explorer

[GarethMarijt]

Hi,
I have inherited a third party application which uses MS Server 2000, Apache 2.0.47, MySQL 4.0.16, PHP 4.3.2 and needs to run through Internet Explorer (none of which I have any control over).

I have created a new PHP page.

When the page opens, session variables are created (compiled so I can't check the code/contents), these are used in a database comparison. If the user is matched, the page displays in it's entirety otherwise it advises that the user is not authorised to view the page.

If the page displays in it's entirety and the user tries to send the page by email, the recipient does not get the full page, but gets the "not authorised" message instead. We are assuming that the page gets resubmitted before sending and the session information is lost, and that is why the original HTML has been lost, but we don't know it is happening or how to get around it.

Any help would be greatly appreciated.
Regards
Gareth

[ober]

That's a rough one. When you get to the point when you're processing the email, can you echo the $_SESSION contents? Are you sure the session contents are even being carried over to the next page?

Also, have you considered using cookies to take the session issues out of the equation?

[GarethMarijt]

[!--quoteo(post=372924:date=May 10 2006, 03:20 PM:name=ober)--][div class=\'quotetop\']QUOTE(ober @ May 10 2006, 03:20 PM) [snapback]372924[/snapback][/div][div class=\'quotemain\'][!--quotec--]
That's a rough one. When you get to the point when you're processing the email, can you echo the $_SESSION contents? Are you sure the session contents are even being carried over to the next page?

Also, have you considered using cookies to take the session issues out of the equation?
[/quote]
Thanks for your reply.
The session contents appear to get lost(?) when the processing takes place. Unfortunately, they are not the standard $_SESSION/$_SERVER values, but a version written by the third party supplier.
Just to make life more awkward, the user logs into the application (and it is from there that the values get picked up) rather than IE, so things like authentication information are not available.

To make life [u]even[/u] more awkward, it is just one page. The user enters criteria values at the first pass, PHP_SELF is used to recall the page, but now displaying the requested information.

Cookies are not an option unfortunately as the page is designed for our security team and their machines are locked down (also one of the reasons why it is only one page).