Page 1 of 1

session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:03 pm
by bhonan
Hi,

If there is a better post for this, just let me know.

I am building a php site with a login page, a log out page, and a create user page. I'm using sessions to keep track of users. On my main login page I am getting the following errors:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /Library/WebServer/Documents/officialtix/includes/session.php:1) in /Library/WebServer/Documents/officialtix/includes/session.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Library/WebServer/Documents/officialtix/includes/session.php:1) in /Library/WebServer/Documents/officialtix/includes/session.php on line 2

It seems like it's saying that I need to start the session before anything else. And that the way it is now, that's not the case. But, in my document session_start() is the first command to be executed. (I'm using and include at the top of the page to include session.php and the first command in session.php is session_start(). So what is the problem?

The only thing I could think of is that my page uses frames. And this is the first line in the main window, not the whole framset. But I when I was testing it out the first time, everything seemed to work. (I was able to cofirm I was in a session, and also delete the session cookie and see I was completely logged out)

Any ideas?!?!

Re: session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:05 pm
by Christopher
ANY output will cause this. For example, you might have a space or return character after the ?> at the end of the file.

Re: session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:09 pm
by bhonan
wow f***.... talk about sensitive! Thanks! Just a space!!! Sorry I missed that!

Re: session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:18 pm
by Christopher
The ?> is not necessary in files that are all PHP, such as class files. I don't use them. I know that Zend does not use them in their framework for example.

Re: session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:24 pm
by bhonan
i just learned php/mysql and am trying to be pretty strict with my code, just want to make sure I know what's going on, so I'm using full everything....

Well, now that I can log in... any ideas on how to make a tier login system? I have 6 or 7 different types of users I want each of them to access only some content (some content can be accessed by multiple users). I did this one before using a $usertype variable which i then used to do a bunch of if/then statements with my redirect. I was using the "GET" variable to pass it along in the url. But now that I'm using sessions, any suggestions on how to use that to my advantage and create a smoother system?

Re: session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:31 pm
by Christopher
I find it easiest to have the Authentication page create a User object when they have logged in successfully, and save it in the session. Then Access Control code on every protected page can use that object to see if they are allowed to view the page.

Re: session start warning, headers already sent

Posted: Sat Feb 02, 2008 1:40 pm
by bhonan
can you elaborate? should I put something in the session.php? My database assigns a key to each user, and I also have the usertype. (then just username and pw) My session.php checks the userid to confirm the userid.