session_start

[steveo314]

Haven't been able to find this particular issue that I'm having through Googling, but after around 7 years my session variables aren't working anymore. Nothing has been changed on my server nor in my scripts. Every PHP script has this at the begining

<?php session_start()

[cyberRobot]

Are you receiving any errors? If so, what are the exact messages?

 

Is PHP set to show all errors and warnings? Note that you can add the following to the top of your script to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

[Barand]

If they suddenly stopped working then either they just got tired (unlikely) or something, somewhere, has changed.

 

You need to determine what.

[steveo314]

 

Are you receiving any errors? If so, what are the exact messages?

 

Is PHP set to show all errors and warnings? Note that you can add the following to the top of your script to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

'headers already sent'

'session_status() == PHP_SESSION_ACTIVE' is true

[steveo314]

If they suddenly stopped working then either they just got tired (unlikely) or something, somewhere, has changed.

 

You need to determine what.

Hhmmm sounds like nap time...

[Barand]

What makes you think sessions are the problem?

[steveo314]

What makes you think sessions are the problem?

After using the session_status, I realized that wasn't it. But I'm just lost as to how the $_SESSION array ends up being empty. I've been racking my brain on this for a couple weeks now. 

[cyberRobot]

'headers already sent'

 

Did that error pop up after adding the error code I suggested? If so, the error code should go after session_start(). Sorry about the confusion.

[Jacques1]

'headers already sent'

 

A quick Google search will tell you that this is one of the classical PHP mistakes.

 

The simple answer: You must not generate any output before calling session_start(). No HTML, not even blank space, nothing. Starting a session involves sending a cookie, but this isn't possible when you've already sent the HTTP response (and therefore the headers) to the client. So make sure the session_start() happens before that.

 

If the code worked before, my guess is that you lied about the “nothing has changed” and actually deactivated output buffering. Either way, the proper solution is to get rid of the premature output.

[steveo314]

A quick Google search will tell you that this is one of the classical PHP mistakes.

 

The simple answer: You must not generate any output before calling session_start(). No HTML, not even blank space, nothing. Starting a session involves sending a cookie, but this isn't possible when you've already sent the HTTP response (and therefore the headers) to the client. So make sure the session_start() happens before that.

 

If the code worked before, my guess is that you lied about the “nothing has changed” and actually deactivated output buffering. Either way, the proper solution is to get rid of the premature output.

the first line on all my .php scripts that need the @_SESSION is '<?php session_start();'

should I add 'ob_start();' as well? I haven't worked with it yet.

[Jacques1]

the first line on all my .php scripts that need the @_SESSION is '<?php session_start();'

 

PHP says otherwise, and I'm inclined to believe it rather than you.

 

The error message tells you exactly where the output started. Open that file and check the line. If you cannot see anything that would generate output, open the file in a hex editor. Maybe there are hidden characters like a byte order mark.

 

 

 

should I add 'ob_start();' as well?

 

No. As I already said, this is a hack, not an actual solution. The solution is to get rid of the output.

[ginerjm]

Pretty much every PHP script should begin like this:

 

<?php
session_start();
...
...
...

 

Note the php tag is on its own line.  Why - because it can and really should since it doesn't belong to any other php line.

So the first actual code line is the call to start the session.

[steveo314]

EDIT Seems like I am loosing the $_SESSION elements between this in the first .php:

<?php

session_start();

if(session_status() != PHP_SESSION_ACTIVE) {

    echo "Session not active, script1.php";

    sleep(1);

} 

if(isset($_POST['submit'])) {

    $username = htmlentities($_REQUEST['username']);

    $password = htmlentities($_REQUEST['password']);

    $_SESSION['username'] = $_POST['username'];

    $_SESSION['password'] = $_POST['password'];


    if($username != "") {

        header('refresh: 0; url=https://website/script2.php');

    } 

And this in the 2nd .php:

<?php

session_start();

if(session_status() != PHP_SESSION_ACTIVE) {

    echo "Session not active, script2.php";

    sleep(1);

}

if($_SESSION['username'] == "") {

    echo "Username is blank";

    sleep(1);

} 

I make it to the 'echo "Username is blank";' on the 2nd script. But I have tried an 'echo' before the 'header()' and it isn't cleared out there.

[cyberRobot]

EDIT Seems like I am loosing the $_SESSION elements between this in the first .php:

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

Edited September 28, 2017 by cyberRobot

[ginerjm]

What is this "sleep(1)" doing for you?  You want the server to pause your script for some reason?

[steveo314]

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

The 'header()' is just to go to the script2.php. I'll try adding the 'exit;' since I go away from script1.php

 

What is this "sleep(1)" doing for you?  You want the server to pause your script for some reason?

I added that for debugging. Its because when script2.php runs I don't know what script1.php did. So I added the 'sleep' just in case that situation comes up.

[steveo314]

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

added 'exit;' after the 'header();' still the same result. going to leave the 'exit;' though. script1.php doesn't have anything left to do after the 'header();' call

Edited September 28, 2017 by steveo314

[cyberRobot]

In the first script, did you try echoing out the SESSION variable? Note that $username could contain a different value from $_SESSION['username']. You're using $_REQUEST, which could come from a GET, POST, or COOKIE value, to set $username.

 

You could try changing this

$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($username != "") {

 

 

To this

$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($_SESSION['username'] != "") {

 

Note that htmlentities() should be reserved for when you're displaying the values.

[steveo314]

 

In the first script, did you try echoing out the SESSION variable? Note that $username could contain a different value from $_SESSION['username']. You're using $_REQUEST, which could come from a GET, POST, or COOKIE value, to set $username.

 

You could try changing this

$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($username != "") {

 

 

To this

$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($_SESSION['username'] != "") {

 

Note that htmlentities() should be reserved for when you're displaying the values.

 

I haven't used 'htmlentities();' in years and forgot what it does and there isn't really anything that I could find on it.

 

All I'm trying to do in that block of code is get the values from the html text boxes into $_SESSION. I used 'post' in the html.

<form method="post" onsubmit="return vloginform(this);" action="https://website/script1.php" name="loginform">
    Username:<br> <input type="text" name="username" required><br>
    Password:<br> <input type="password" name="password" required><br>
    <input type="submit" value="login" name="submit" id="submit">
    <input type="reset" value="reset" name="reset" id="reset">
</form>

And I'm still trying to remember what 'vloginform(this);' is. I can't find it in any of my code.  

Edited September 28, 2017 by steveo314

[cyberRobot]

I haven't used 'htmlentities();' in years and forgot what it does and there isn't really anything that I could find on it. 

 

You shouldn't need to worry about it for this particular problem. With that said, more information about the function can be found here:

http://php.net/manual/en/function.htmlentities.php

 

 

How about this question:

In the first script, did you try echoing out the SESSION variable?

Edited September 28, 2017 by cyberRobot

[steveo314]

You shouldn't need to worry about it for this particular problem. With that said, more information about the function can be found here:

http://php.net/manual/en/function.htmlentities.php

 

 

How about this question:

I did. If I do this in script1.php:

$username = $_POST['username'];
$_SESSION['username'] = $_POST['username'];
echo "Username is $username";
header('refresh: 0; url=http://website/script2.php');

I'll get the right username but that element is empty in $_SESSION when I get to script2.php

Edited September 28, 2017 by steveo314

[cyberRobot]

You're still not echoing the SESSION variable. In the first script, change this 

echo "Username is $username";

 

To this

echo "Username is {$_SESSION['username']}";

Do you still see the username?

 

[steveo314]

 

You're still not echoing the SESSION variable. In the first script, change this 

echo "Username is $username";

 

To this

echo "Username is {$_SESSION['username']}";

Do you still see the username?

 

echo "Username is ".$_SESSION['username'];
header('refresh: 0; url=https://website/script2.php');

Gives the correct username. I didn't copy your code. So when I went to my code and typed a concat not thinking.

Edited September 28, 2017 by steveo314

[cyberRobot]

Hmm...did you try displaying the entire session array in the second script?

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

Does it give you anything beyond an empty array?

 

 

 

Also, is PHP set to display all errors and warnings? Note that you can add the following, after start_session(), to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

[steveo314]

 

Hmm...did you try displaying the entire session array in the second script?

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

Does it give you anything beyond an empty array?

 

 

 

Also, is PHP set to display all errors and warnings? Note that you can add the following, after start_session(), to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

Array
(
)

Notice: Undefined index: username in /home/site/script2.php on line 14
$username = $_SESSION['username'];

Notice: Undefined variable: html_inc in /home/site/script2.php on line 22
$html_inc = '' . $html_inc . '<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />' . "\n";
changed to
$html_inc = '' . '<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />' . "\n";