Not sure if this is more an Apache problem, cgiwrap problem, or PHP problem, but on our shared unix server, PHP scripts using 'session_start()' always seem to kick back this 'premature end of script headers' error in the apache error_log (other PHP scripts are executing fine from cgi-bin). When I run the scripts on the command line, they don't kick back any errors, which leads me to believe this is more an apache/cgiwrap problem.

cgiwrap was compiled with the following:
./configure --with-perl=/usr/local/bin/perl --with-install-dir=/usr/local/apache/cgi-bin --with-httpd-user=nobody --with-php=/usr/local/bin/php --with-php-interpreter --with-cgi-dir=cgi-bin --with-logging-file=/usr/local/apache/logs/cgiwrap.log

customer web root is /export/home/<custID>. All scripts are run from /export/home/<custID>/cgi-bin.

vhosts entries have the following rewrite lines:
RewriteCond %{REQUEST_URI} ^/cgi-bin/.*\.php
RewriteRule ^/cgi-bin/(.*)$ /cgimain/cgiwrap/%1/$1 [PT,L]
Action cgi-wrapper /cgimain/cgiwrap/<custID>

sample PHP script that is generating said error:
<?php
session_start();
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "fsslogin.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php require_once('../Connections/FSS.php');?>
<?php
mysql_select_db($database_FSS, $FSS);
$query_fss2 = "SELECT * FROM Events ORDER BY ev_Name ASC";
$fss2 = mysql_query($query_fss2, $FSS) or die(mysql_error());
$row_fss2 = mysql_fetch_assoc($fss2);
$totalRows_fss2 = mysql_num_rows($fss2);
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<snipped html>

</html>
<?php
mysql_free_result($fss2);
?>

I'm fairly new to both PHP and cgiwrap, so any help you guys can offer is appreciated.

[edited by: jdMorgan at 6:48 pm (utc) on April 26, 2004]
[edit reason] Snipped unneeded html to shorten [/edit]