Jump to content

session_start


steveo314

Recommended Posts

Haven't been able to find this particular issue that I'm having through Googling, but after around 7 years my session variables aren't working anymore. Nothing has been changed on my server nor in my scripts. Every PHP script has this at the begining

<?php session_start()
Link to comment
Share on other sites

 

Are you receiving any errors? If so, what are the exact messages?

 

Is PHP set to show all errors and warnings? Note that you can add the following to the top of your script to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

'headers already sent'

'session_status() == PHP_SESSION_ACTIVE' is true

Link to comment
Share on other sites

'headers already sent'

 

A quick Google search will tell you that this is one of the classical PHP mistakes.

 

The simple answer: You must not generate any output before calling session_start(). No HTML, not even blank space, nothing. Starting a session involves sending a cookie, but this isn't possible when you've already sent the HTTP response (and therefore the headers) to the client. So make sure the session_start() happens before that.

 

If the code worked before, my guess is that you lied about the “nothing has changed” and actually deactivated output buffering. Either way, the proper solution is to get rid of the premature output.

Link to comment
Share on other sites

A quick Google search will tell you that this is one of the classical PHP mistakes.

 

The simple answer: You must not generate any output before calling session_start(). No HTML, not even blank space, nothing. Starting a session involves sending a cookie, but this isn't possible when you've already sent the HTTP response (and therefore the headers) to the client. So make sure the session_start() happens before that.

 

If the code worked before, my guess is that you lied about the “nothing has changed” and actually deactivated output buffering. Either way, the proper solution is to get rid of the premature output.

the first line on all my .php scripts that need the @_SESSION is '<?php session_start();'

should I add 'ob_start();' as well? I haven't worked with it yet.

Link to comment
Share on other sites

the first line on all my .php scripts that need the @_SESSION is '<?php session_start();'

 

PHP says otherwise, and I'm inclined to believe it rather than you.

 

The error message tells you exactly where the output started. Open that file and check the line. If you cannot see anything that would generate output, open the file in a hex editor. Maybe there are hidden characters like a byte order mark.

 

 

 

should I add 'ob_start();' as well?

 

No. As I already said, this is a hack, not an actual solution. The solution is to get rid of the output.

Link to comment
Share on other sites

Pretty much every PHP script should begin like this:

 

<?php
session_start();
...
...
...

 

Note the php tag is on its own line.  Why - because it can and really should since it doesn't belong to any other php line.

So the first actual code line is the call to start the session.

Link to comment
Share on other sites

EDIT Seems like I am loosing the $_SESSION elements between this in the first .php:



<?php
session_start();
if(session_status() != PHP_SESSION_ACTIVE) {
echo "Session not active, script1.php";
sleep(1);
}
if(isset($_POST['submit'])) {
$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

if($username != "") {
header('refresh: 0; url=https://website/script2.php');

And this in the 2nd .php:



<?php
session_start();
if(session_status() != PHP_SESSION_ACTIVE) {
echo "Session not active, script2.php";
sleep(1);
}
if($_SESSION['username'] == "") {
echo "Username is blank";
sleep(1);

I make it to the 'echo "Username is blank";' on the 2nd script. But I have tried an 'echo' before the 'header()' and it isn't cleared out there.


Link to comment
Share on other sites

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

The 'header()' is just to go to the script2.php. I'll try adding the 'exit;' since I go away from script1.php

 

What is this "sleep(1)" doing for you?  You want the server to pause your script for some reason?

I added that for debugging. Its because when script2.php runs I don't know what script1.php did. So I added the 'sleep' just in case that situation comes up.

Link to comment
Share on other sites

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

added 'exit;' after the 'header();' still the same result. going to leave the 'exit;' though. script1.php doesn't have anything left to do after the 'header();' call

Link to comment
Share on other sites

In the first script, did you try echoing out the SESSION variable? Note that $username could contain a different value from $_SESSION['username']. You're using $_REQUEST, which could come from a GET, POST, or COOKIE value, to set $username.

 

You could try changing this

$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($username != "") {
 
 
To this
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($_SESSION['username'] != "") {
 
Note that htmlentities() should be reserved for when you're displaying the values.
Link to comment
Share on other sites

 

In the first script, did you try echoing out the SESSION variable? Note that $username could contain a different value from $_SESSION['username']. You're using $_REQUEST, which could come from a GET, POST, or COOKIE value, to set $username.

 

You could try changing this

$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($username != "") {
 
 
To this
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($_SESSION['username'] != "") {
 
Note that htmlentities() should be reserved for when you're displaying the values.

 

I haven't used 'htmlentities();' in years and forgot what it does and there isn't really anything that I could find on it.

 

All I'm trying to do in that block of code is get the values from the html text boxes into $_SESSION. I used 'post' in the html.

<form method="post" onsubmit="return vloginform(this);" action="https://website/script1.php" name="loginform">
    Username:<br> <input type="text" name="username" required><br>
    Password:<br> <input type="password" name="password" required><br>
    <input type="submit" value="login" name="submit" id="submit">
    <input type="reset" value="reset" name="reset" id="reset">
</form>

And I'm still trying to remember what 'vloginform(this);' is. I can't find it in any of my code.  

Link to comment
Share on other sites

I haven't used 'htmlentities();' in years and forgot what it does and there isn't really anything that I could find on it. 

 

You shouldn't need to worry about it for this particular problem. With that said, more information about the function can be found here:

http://php.net/manual/en/function.htmlentities.php

 

 

How about this question:

In the first script, did you try echoing out the SESSION variable?

Link to comment
Share on other sites

You shouldn't need to worry about it for this particular problem. With that said, more information about the function can be found here:

http://php.net/manual/en/function.htmlentities.php

 

 

How about this question:

I did. If I do this in script1.php:

$username = $_POST['username'];
$_SESSION['username'] = $_POST['username'];
echo "Username is $username";
header('refresh: 0; url=http://website/script2.php');


I'll get the right username but that element is empty in $_SESSION when I get to script2.php

Link to comment
Share on other sites

 

You're still not echoing the SESSION variable. In the first script, change this 

echo "Username is $username";
 
To this
echo "Username is {$_SESSION['username']}";

Do you still see the username?

 

echo "Username is ".$_SESSION['username'];
header('refresh: 0; url=https://website/script2.php');

Gives the correct username. I didn't copy your code. So when I went to my code and typed a concat not thinking.

Link to comment
Share on other sites

Hmm...did you try displaying the entire session array in the second script?

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

Does it give you anything beyond an empty array?

 

 

 

Also, is PHP set to display all errors and warnings? Note that you can add the following, after start_session(), to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

Link to comment
Share on other sites

 

Hmm...did you try displaying the entire session array in the second script?

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

Does it give you anything beyond an empty array?

 

 

 

Also, is PHP set to display all errors and warnings? Note that you can add the following, after start_session(), to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

Array
(
)

Notice: Undefined index: username in /home/site/script2.php on line 14
$username = $_SESSION['username'];

Notice: Undefined variable: html_inc in /home/site/script2.php on line 22
$html_inc = '' . $html_inc . '<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />' . "\n";
changed to
$html_inc = '' . '<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />' . "\n";

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.