5 replies to this topic

[Hunter100]

Hello all,

I've been working on a login system for my website for ages now. I've just finished modifying the UI and decided to get back to work on the login system.

I have a problem. To access the session variables (i.e. starting the session) I use the

session_start();

function, however, it returns these two errors:

Warning: session_start() [
FUNCTION.SESSION-START
]: Cannot send session cookie - headers already sent by (output started at /home/brezerd1/public_html/index.php:2) in /home/brezerd1/public_html/template.php on line 3

Warning: session_start() [
FUNCTION.SESSION-START
]: Cannot send session cache limiter - headers already sent (output started at /home/brezerd1/public_html/index.php:2) in /home/brezerd1/public_html/template.php on line 3

Even though, I'm running session_name before it. The session is being set by login_success.php (which occurs if checklogin.php validates the login).

Basically, I'm trying to keep the user logged in for all pages (until they log out of course).

I'd appreciate some help on this one, as it's been bugging me for a while.

Thanks.

[Orjan]

session_start() needs to be ran before anything is echoed, printed or any html is sent to the browser. what is your code?

[Upstream]

And the same holds true for the use of header() and settig cookies. I good article on creating a secure login with, sessions/session checking and a remeber user function can be found here:

PHP - Creating a Secure PHP Login Script - Dev Shed

[Upstream]

And the same is true for header() and setting cookies. I found this tutorial PHP - Creating a Secure PHP Login Script - Dev Shed very useful on secure login scripts with sessions/session checking and remember me function.

[Hunter100]

Well, I'm opening my PHP

<?php

Then, I'm running

session_start();

Then I'm echoing some stuff.

So basically, That is the first thing I'm doing on every page!

Besides HTML comments, however I've tried moving them to no help.

I'll check out that tutorial.

[null]

session_name

doesn't have to be called before you set the session. Code before

session_start()

is obviously the problem here. Have you checked that you have not sent ANY output to the browser, including HTTP headers. Check all your usages of

session_start()

and try to find any code before it. If you are using a

include('')

check if there is any code being outputted before this. Also remember that

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

counts as well.