Just a thought... if the 'authenticate' code block was positioned just under the require_once code lines(i.e., before the other blocks), would that eliminate the need for any buffering so I could then remove the '<?php ob_start(); ?>' that I placed at the page top (which does solve the issue)?