Figured it out. I couldn't find documentation of escaping a '?' anywhere online, but I tried a '\' anyhow and it worked. My code reads:

Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.example.com/system/getimage.php\?i=$1 [R=301,L]

Do you really want a redirect -- which exposes the dynamic URL to search engines (and competitors), or would an internal rewrite be more appropriate?

Jim

Yes, I need a redirect. This page is only available when logged into a user account. It's basically to allow FCKEditor to display images and such that are stored within another 'root' directory while keeping the code clean.

But I have a new problem. When redirecting, .htaccess does not allow the .php file to read sessions. The .php file works when called from a browser, but when called from .htaccess, the sessions are empty (I'm assuming because the server has no session).

What is a work around for this?

Try adding the [QSA] flag (Query String Append), along with the [R=301,L] -- i.e. [QSA,R=301,L]

Jim

No success.

When I run the 301 error code, I can see the browser being handed the PHP file, so I'm assuming that the file goes client-side at some point. It just boggles my mind that it doesn't grab the session variables.

Any additional ideas are welcome!

Technically, the 301 isn't an error, it's a redirect.

Always check the returned HTTP headers by using something like the Live HTTP Headers extension for Mozilla Firefox or Mozilla Seamonkey.

You'll need to be sure that the "realm" for any cookies used to store session info client-side includes the redirected-to domain, otherwise, that cookie will not be available in the new domain.

Jim

g1smd, I tried editing my post, but I still have the same problem :P

jdMorgan, the .php script is on the same domain as the .htaccess script. I've even tried handling it with another cookie specifically set for this purpose, but no luck there, either.

Still trying to figure this out. The completion of my project hinges on this one problem.

If the original request and the redirected-to URL are in the same domain and directory, then you'll likely need to explicitly prevent an 'infinite' redirection loop:

Options +FollowSymLinks
RewriteEngine on
RewriteCond $1 !^system/getimage\.php$
RewriteRule (.*) http://www.example.com/system/getimage.php?i=$1 [R=301,L]

This assumes that the code is in example.com/.htaccess. If not, you'll need to adjust the RewriteCond path to suit. However, if the code is in /content/.htaccess, then no loop-prevention should be needed,

A server headers checker such as the "Live HTTP Headers" add-on for Firefox/Mozilla browsers would show a loop clearly as a series of redirects, ending with "GET /system/getimage.php?i=system/getimage.php HTTP/1.1"

Jim

They are in the same domain, but not the same directory. Looking at the headers via "Live HTTP Headers" I can clearly see the cookie disappear when .htaccess calls the .php script. The php script then continues (since I have disabled any die on error commands for debugging) to forward to [www./media/image.jpg....]

The session value holds the data "example.com" and should be inserted by the php file to http://www.example.com/media/image.jpg.

Would anyone mind to bother with testing this on their server?

A couple of points from above...

First, the php file does not "go client side." If it's working properly, the php code is parsed by the php interpreter on your server, and the HTML output of the PHP is sent to the client.

Second, the php is not "called from .htaccess." The .htaccess code merely sends a 301 redirect response to the client, which then issues a new request using the new URL sent in that redirect response -- The URL you specified in your RewriteRule.

If the 'realm' of the cookie is set correctly. then it will be sent with *all* requests from the client to any URLs within that realm on your domain. The only conditions under which the cookie will not be sent are if it expires or if the cookie's realm does not match the requested URL-path.

The intent here is not to be picky, but rather to prevent confusion and possibly to save you some time.

Jim

Thanks, jdMorgan. Unfortunately, that only enhances the mystery for me. If the .htaccess file fowards cookie information, it should be available, right?

My .htaccess file is located:

http://www.example.com/content/media

My .php script is located:

http://www.example.com/scripts/

That should be within the same 'realm', shouldn't it?

I tried moving the .php script 'closer' to the .htaccess file (http://www.example.com/content", but to no avail.

I just can't understand where the cookie would go.

Is there a way for .htaccess to read the cookie and append it to the url?

A cookie that applies to www.domain.com would not be readable at domain.com, unless the cookie was set to be available at *.domain.com first.

The answer to that is likely buried in some scripting somewhere, else.

A cookie has three relevant properties concerning it's scope (realm) and validity;

• path - tells the browser what path must match in order to send that cookie with upcoming requests;
  
• domain - tells the browser which domain must match in order to send that cookie with upcoming requests;
  
• expiry - tells the browser when the cookie will expire. There are two types, permanent and temporary. Temporary cookies are valid as long as the browser is kept open, permanent ones have their own expiry time, when that is passed, the cookie will be removed.

You can control these from php, see session.cookie_path, session.cookie_domain and session.cookie_domain in the documentation of Sessions [php.net] within the PHP documentation.

Thanks for that, guys. I will retry the setcookie method. But the session as is it created using PHP's $_SESSION variables. How could that be lost on the redirect?

Check the values of the mentioned PHP ini settings (using ini_get [php.net]).

Which settings should I check?

You can control these from php, see session.cookie_path, session.cookie_domain and session.cookie_domain in the documentation of Sessions [php.net] within the PHP documentation.