Page 1 of 1

Session Variables

Posted: Fri Jun 16, 2006 3:44 pm
by r_barlow
I'm trying to create session variables to hold a username and password.

The following code generates the following error:

Code: Select all

$user = $HTTP_POST_VARS['user'];
$pass = $HTTP_POST_VARS['pass'];
	
session_start();
session_register("username");
$username = $user;

Warning: session_start() [function.session-start]: open(C:\PHP\sessiondata\sess_cd186036c4193d17424ca1fa77c80cd6, O_RDWR) failed: No such file or directory (2)

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0

Warning: Unknown: open(C:\PHP\sessiondata\sess_cd186036c4193d17424ca1fa77c80cd6, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\PHP\sessiondata) in Unknown on line 0

Posted: Fri Jun 16, 2006 3:55 pm
by printf
First make sure you have a directory created in your PHP directory called 'sessiondata' =>C:/PHP/sessiondata, the other errors are a result of the first error! Also you should use the newer SUPER GLOBALS $_SESSION, ... instead of using the older functions that don't act the same as the SUPER GLOBAL $_SESSION!

Code: Select all

session_start ();

// you should validate your $_POST data before adding it to the $_SESSION array

$_SESSION['username'] = $_POST['user']; 
$_SESSION['password'] = $_POST['pass'];
pif!

Posted: Fri Jun 16, 2006 5:26 pm
by r_barlow
Thanks, that works but now I have included code to connect to a mysql db in order to validate the login and I get this error on session_start()

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\dbconfig.php:6) in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\processlogin.php on line 17

this is what dbconfig is:

Code: Select all

<?
	$dbhost = 'localhost';
	$dbuser = 'root';
	$dbpass = 'password';
	$dbname = 'userdb';
?>

Posted: Fri Jun 16, 2006 5:40 pm
by RobertGonzalez
It's been a heckuva a weak for header() issues...

That error is because there is output being sent to the browser before your call to the session_start() function. You can't do this (without some massaging of code somewhere else). Check your code and make sure that session_start() is called before anything is sent to the browser.

Posted: Sat Jun 17, 2006 1:23 pm
by tecktalkcm0391
Also do this on every page just to keep the page clean of the header error.:

Code: Select all

<?php 
// Very first thing to call
ob_start();


// You normal Script  goes here for everypage


// Very last thing to call
ob_flush();
?>

Posted: Sun Jun 18, 2006 3:31 pm
by RobertGonzalez
Not the best of advice to give, in my opinion. If you are doing something wrong in your code, PHP throws an error/notice to tell you that you are doing something wrong. Adding in the output buffering code for the sole purpose of quiteing the 'headers already sent' error is not handling the error to begin with.

My suggestion is write your code logically and properly. Test your code vigorously with error_reporting set to E_ALL and display_errors set to On (just make sure to change those setting in a production environment). Then, when you don't the error it is because you coded it correctly, not because you told PHP to be quiet.

Posted: Sun Jun 18, 2006 3:39 pm
by alex.barylski
Not the best of advice to give, in my opinion. If you are doing something wrong in your code, PHP throws an error/notice to tell you that you are doing something wrong. Adding in the output buffering code for the sole purpose of quiteing the 'headers already sent' error is not handling the error to begin with.
I second that advice :)

Posted: Sun Jun 18, 2006 10:12 pm
by chakhar86
why you don't use cookies instead, in my experience it won't caused you headers problem but less secure

Posted: Sun Jun 18, 2006 11:21 pm
by RobertGonzalez
Cookies are bound by the same header problems as header. The thing to remember in this case is that it is important to take what PHP is telling you seriously. If you are getting errors, fix the code.