Page 1 of 1

Trouble with session_regenerate_id(true)

Posted: Thu Apr 11, 2013 9:21 pm
by TCmullet
I'm new to PHP. Have gotten a simple login system working. Each page has

Code: Select all

<?php include "base.php";?>
at the top. base.php contains:

Code: Select all

<?php
session_start();
?>
I do call several other php files during the course of things. It works fine, but I found here:
http://forums.devshed.com/php-developme ... 50530.html
that in order to prevent session hijacking, I should add a line to make my base.php file look like this:

Code: Select all

<?php
session_start();
session_regenerate_id(true);
?>
Everything works fine except now I get a warning every time I execute any of my pages (all of them including this code at the top). The warning is this:
[text][11-Apr-2013 22:19:34 America/New_York] PHP Warning: session_regenerate_id(): Cannot regenerate session id - headers already sent in /home/tomsgood/public_html/base.php on line 3
[/text]
The searching I did on the web doesn't seem to help me find out why this warning is happening or how to stop it.

Re: Trouble with session_regenerate_id(true)

Posted: Fri Apr 12, 2013 1:06 am
by social_experiment
TCmullet wrote:at the top
with nothing before (above) that, no doctype declaration or html tags (such as meta tags) or any other data?

Re: Trouble with session_regenerate_id(true)

Posted: Fri Apr 12, 2013 7:33 am
by TCmullet
Yes, the "include base.php" line has to come before everything. (At least that's what I learned a couple years ago when I first got it working in it's present state.)

Re: Trouble with session_regenerate_id(true)

Posted: Fri Apr 12, 2013 2:29 pm
by social_experiment
TCmullet wrote:the "include base.php" line has to come before everything.
correct, it still works this way;

i think you should only regenerate the id during one of the 3 times mentioned, not on each page.
When a user log in
When a user log out
When a user get administrative access