Im getting this message when i load my login page. its brand new, so i hjave a million directions i can go. I want a secure login with sessions so that i can remove the logins on other outside apps on the site. [code]Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/c4sale/public_html/main/Connections/connection.php:12) in /home/c4sale/public_html/main/login.php on line 36 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/c4sale/public_html/main/Connections/connection.php:12) in /home/c4sale/public_html/main/login.php on line 36[/code] heres the header of my page [code]<?php require_once('Connections/connection.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['textfield'])) { $loginUsername=$_POST['textfield']; $password=$_POST['textfield2']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "user/index.php"; $MM_redirectLoginFailed = "login_deny.php"; $MM_redirecttoReferrer = true; mysql_select_db($database_forsale, $forsale); $LoginRS__query=sprintf("SELECT Desired_Username, Password FROM login1_table WHERE Desired_Username=%s AND Password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $forsale) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && true) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?>[/code] and heres the form [code]<form name="form1" method="POST" action="<?php echo $loginFormAction; ?>"> <label>Username<br><input name="textfield" type="text" accesskey="l" tabindex="1" size="15"><br></label><label>Password<br><input name="textfield2" type="password" tabindex="2" size="15"><br></label><input type="submit" name="Submit" value="Submit" tabindex="3"></form>[/code]