script crashes with url alteration

[EchoFool]

On my script on the main page which is login.php

 

say the domain was www.test.com/login.php

 

if some one changes that url to:

www.test.com/login.php/css

 

The script crashes and i have no idea how that happens?

This is the error i get when a user changes the url to that:

 

 

Notice: A session had already been started - ignoring session_start() in session.php on line 2

Warning: Cannot modify header information - headers already sent by (output started at session.php:2) in session.php on line 4

 

surely login.php/css is an invalid url ? But it seems to not give a "cannot find url" error that i was hoping it would =/

[wildteen88]

The error is caused becuase session_start() is being called twice. It should only be call once.

 

surely login.php/css is an invalid url ?

No its a perfectly valid url.

[PFMaBiSmAd]

Doing that causes several server variables to contain the /css at the end -

    [REQUEST_URI] => /login.php/css

    [PATH_INFO] => /css

    [PATH_TRANSLATED] => your_path\htdocs\css

    [php_SELF] => /login.php/css

 

Is your login.php code using any of those or are you doing any URL rewriting?

 

[EchoFool]

Argh it is checking to see if such a url exists and if it does do not load a session as one is already set.

 

But then, if the url changes the if statement would fail and then two session start's are set... which is what must be causing the error.

How can i prevent the crash though?

[revraz]

Fix your code...

 

session_start doesn't need a IF statement, it will start one if one does not exist or resume one that does exist.

[PFMaBiSmAd]

If a page uses sessions, you should have one session_start() at the start of the main file. You should not have session_start() statements in multiple bits of included code or in conditional statements.