Jump to content
steveo314

session_start

Recommended Posts

Haven't been able to find this particular issue that I'm having through Googling, but after around 7 years my session variables aren't working anymore. Nothing has been changed on my server nor in my scripts. Every PHP script has this at the begining

<?php session_start()

Share this post


Link to post
Share on other sites

Are you receiving any errors? If so, what are the exact messages?

 

Is PHP set to show all errors and warnings? Note that you can add the following to the top of your script to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

Share this post


Link to post
Share on other sites

If they suddenly stopped working then either they just got tired (unlikely) or something, somewhere, has changed.

 

You need to determine what.

Share this post


Link to post
Share on other sites

 

Are you receiving any errors? If so, what are the exact messages?

 

Is PHP set to show all errors and warnings? Note that you can add the following to the top of your script to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

'headers already sent'

'session_status() == PHP_SESSION_ACTIVE' is true

Share this post


Link to post
Share on other sites

If they suddenly stopped working then either they just got tired (unlikely) or something, somewhere, has changed.

 

You need to determine what.

Hhmmm sounds like nap time...

Share this post


Link to post
Share on other sites

What makes you think sessions are the problem?

After using the session_status, I realized that wasn't it. But I'm just lost as to how the $_SESSION array ends up being empty. I've been racking my brain on this for a couple weeks now. 

Share this post


Link to post
Share on other sites

'headers already sent'

 

Did that error pop up after adding the error code I suggested? If so, the error code should go after session_start(). Sorry about the confusion.

Share this post


Link to post
Share on other sites

'headers already sent'

 

A quick Google search will tell you that this is one of the classical PHP mistakes.

 

The simple answer: You must not generate any output before calling session_start(). No HTML, not even blank space, nothing. Starting a session involves sending a cookie, but this isn't possible when you've already sent the HTTP response (and therefore the headers) to the client. So make sure the session_start() happens before that.

 

If the code worked before, my guess is that you lied about the “nothing has changed” and actually deactivated output buffering. Either way, the proper solution is to get rid of the premature output.

Share this post


Link to post
Share on other sites

A quick Google search will tell you that this is one of the classical PHP mistakes.

 

The simple answer: You must not generate any output before calling session_start(). No HTML, not even blank space, nothing. Starting a session involves sending a cookie, but this isn't possible when you've already sent the HTTP response (and therefore the headers) to the client. So make sure the session_start() happens before that.

 

If the code worked before, my guess is that you lied about the “nothing has changed” and actually deactivated output buffering. Either way, the proper solution is to get rid of the premature output.

the first line on all my .php scripts that need the @_SESSION is '<?php session_start();'

should I add 'ob_start();' as well? I haven't worked with it yet.

Share this post


Link to post
Share on other sites

the first line on all my .php scripts that need the @_SESSION is '<?php session_start();'

 

PHP says otherwise, and I'm inclined to believe it rather than you.

 

The error message tells you exactly where the output started. Open that file and check the line. If you cannot see anything that would generate output, open the file in a hex editor. Maybe there are hidden characters like a byte order mark.

 

 

 

should I add 'ob_start();' as well?

 

No. As I already said, this is a hack, not an actual solution. The solution is to get rid of the output.

Share this post


Link to post
Share on other sites

Pretty much every PHP script should begin like this:

 

<?php
session_start();
...
...
...

 

Note the php tag is on its own line.  Why - because it can and really should since it doesn't belong to any other php line.

So the first actual code line is the call to start the session.

Share this post


Link to post
Share on other sites

EDIT Seems like I am loosing the $_SESSION elements between this in the first .php:



<?php
session_start();
if(session_status() != PHP_SESSION_ACTIVE) {
echo "Session not active, script1.php";
sleep(1);
}
if(isset($_POST['submit'])) {
$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];

if($username != "") {
header('refresh: 0; url=https://website/script2.php');

And this in the 2nd .php:



<?php
session_start();
if(session_status() != PHP_SESSION_ACTIVE) {
echo "Session not active, script2.php";
sleep(1);
}
if($_SESSION['username'] == "") {
echo "Username is blank";
sleep(1);

I make it to the 'echo "Username is blank";' on the 2nd script. But I have tried an 'echo' before the 'header()' and it isn't cleared out there.


Share this post


Link to post
Share on other sites

EDIT Seems like I am loosing the $_SESSION elements between this in the first .php:

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}
Edited by cyberRobot

Share this post


Link to post
Share on other sites

What is this "sleep(1)" doing for you?  You want the server to pause your script for some reason?

Share this post


Link to post
Share on other sites

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

The 'header()' is just to go to the script2.php. I'll try adding the 'exit;' since I go away from script1.php

 

What is this "sleep(1)" doing for you?  You want the server to pause your script for some reason?

I added that for debugging. Its because when script2.php runs I don't know what script1.php did. So I added the 'sleep' just in case that situation comes up.

Share this post


Link to post
Share on other sites

 

Should any code be executed after the call to header()? If not, you'll want to exit afterwards.

if($username != "") {
    header('refresh: 0; url=https://website/script2.php');
    exit;
}

added 'exit;' after the 'header();' still the same result. going to leave the 'exit;' though. script1.php doesn't have anything left to do after the 'header();' call

Edited by steveo314

Share this post


Link to post
Share on other sites

In the first script, did you try echoing out the SESSION variable? Note that $username could contain a different value from $_SESSION['username']. You're using $_REQUEST, which could come from a GET, POST, or COOKIE value, to set $username.

 

You could try changing this

$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($username != "") {
 
 
To this
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($_SESSION['username'] != "") {
 
Note that htmlentities() should be reserved for when you're displaying the values.

Share this post


Link to post
Share on other sites

 

In the first script, did you try echoing out the SESSION variable? Note that $username could contain a different value from $_SESSION['username']. You're using $_REQUEST, which could come from a GET, POST, or COOKIE value, to set $username.

 

You could try changing this

$username = htmlentities($_REQUEST['username']);
$password = htmlentities($_REQUEST['password']);
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($username != "") {
 
 
To this
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
 
if($_SESSION['username'] != "") {
 
Note that htmlentities() should be reserved for when you're displaying the values.

 

I haven't used 'htmlentities();' in years and forgot what it does and there isn't really anything that I could find on it.

 

All I'm trying to do in that block of code is get the values from the html text boxes into $_SESSION. I used 'post' in the html.

<form method="post" onsubmit="return vloginform(this);" action="https://website/script1.php" name="loginform">
    Username:<br> <input type="text" name="username" required><br>
    Password:<br> <input type="password" name="password" required><br>
    <input type="submit" value="login" name="submit" id="submit">
    <input type="reset" value="reset" name="reset" id="reset">
</form>

And I'm still trying to remember what 'vloginform(this);' is. I can't find it in any of my code.  

Edited by steveo314

Share this post


Link to post
Share on other sites

I haven't used 'htmlentities();' in years and forgot what it does and there isn't really anything that I could find on it. 

 

You shouldn't need to worry about it for this particular problem. With that said, more information about the function can be found here:

http://php.net/manual/en/function.htmlentities.php

 

 

How about this question:

In the first script, did you try echoing out the SESSION variable?

Edited by cyberRobot

Share this post


Link to post
Share on other sites

You shouldn't need to worry about it for this particular problem. With that said, more information about the function can be found here:

http://php.net/manual/en/function.htmlentities.php

 

 

How about this question:

I did. If I do this in script1.php:

$username = $_POST['username'];
$_SESSION['username'] = $_POST['username'];
echo "Username is $username";
header('refresh: 0; url=http://website/script2.php');


I'll get the right username but that element is empty in $_SESSION when I get to script2.php

Edited by steveo314

Share this post


Link to post
Share on other sites

You're still not echoing the SESSION variable. In the first script, change this 

echo "Username is $username";
 
To this
echo "Username is {$_SESSION['username']}";

Do you still see the username?

 

Share this post


Link to post
Share on other sites

 

You're still not echoing the SESSION variable. In the first script, change this 

echo "Username is $username";
 
To this
echo "Username is {$_SESSION['username']}";

Do you still see the username?

 

echo "Username is ".$_SESSION['username'];
header('refresh: 0; url=https://website/script2.php');

Gives the correct username. I didn't copy your code. So when I went to my code and typed a concat not thinking.

Edited by steveo314

Share this post


Link to post
Share on other sites

Hmm...did you try displaying the entire session array in the second script?

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

Does it give you anything beyond an empty array?

 

 

 

Also, is PHP set to display all errors and warnings? Note that you can add the following, after start_session(), to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

Share this post


Link to post
Share on other sites

 

Hmm...did you try displaying the entire session array in the second script?

echo '<pre>' . print_r($_SESSION, true) . '</pre>';

Does it give you anything beyond an empty array?

 

 

 

Also, is PHP set to display all errors and warnings? Note that you can add the following, after start_session(), to make sure:

error_reporting(E_ALL);
ini_set('display_errors', 1);

 

Array
(
)

Notice: Undefined index: username in /home/site/script2.php on line 14
$username = $_SESSION['username'];

Notice: Undefined variable: html_inc in /home/site/script2.php on line 22
$html_inc = '' . $html_inc . '<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />' . "\n";
changed to
$html_inc = '' . '<meta name="ROBOTS" content="NOINDEX,NOFOLLOW" />' . "\n";

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.