session_start( )

SaranacLake · December 25, 2019

For as long as I can remember, I always start my php scripts with...

	// Initialize session.
	session_start();

On my webserver, cPanel keeps populating a error_log with the following entry..

	[<date>] PHP Notice: session_start():  session has already been started - ignoring in path/to/suspect/script.php on line 10

Have I been using PHP session incorrectly all of this time?!

Fwiw, I don't get this error - at least not that I know - locally in MAMP...

maxxd · December 25, 2019

If you start all your php scripts with that, then you're attempting to start an already started session every time you use an include or require directive. Depending on the pattern you're using it may or may not be easy to make sure you only instantiate the session once, but you can always check to see if a session has been started before attempting to start another one.

SaranacLake · December 25, 2019

3 minutes ago, maxxd said:

If you start all your php scripts with that, then you're attempting to start an already started session every time you use an include or require directive. Depending on the pattern you're using it may or may not be easy to make sure you only instantiate the session once, but you can always check to see if a session has been started before attempting to start another one.

So I have been coding things incorrectly all these years??? 😮

I was sure that I learned in some PHP book that you just include session_start() at the top of every script, and that PHP was smart enough to figure out if you were starting the session for the first time, or continuing from another page?!

That isn't the case, huh????

If what I have is truly wrong, maybe I could do this at the top of every PHP script...

	if(!isset($_SESSION)){
	     session_start();
	}

requinix · December 25, 2019

1 hour ago, SaranacLake said:

I was sure that I learned in some PHP book that you just include session_start() at the top of every script, and that PHP was smart enough to figure out if you were starting the session for the first time, or continuing from another page?!

Must be a really old book.

1 hour ago, SaranacLake said:

If what I have is truly wrong, maybe I could do this at the top of every PHP script...

What you should do is actually learn how to program with PHP instead of throwing code into files and tweaking it until it works.

SaranacLake · December 25, 2019

3 hours ago, requinix said:

What you should do is actually learn how to program with PHP instead of throwing code into files and tweaking it until it works.

Then why don't you enlighten me on the proper way to do sessions... 🙄

maxxd · December 25, 2019

4 hours ago, SaranacLake said:

Then why don't you enlighten me on the proper way to do sessions...

Well, you could try your idea about checking to see if $_SESSION is set, or you could read the manual page I linked to and use session_status(). I personally like a front-loader style pattern, so when I'm not using a CMS or framework (which will usually handle sessions for you by doing exactly this) I typically turn on sessions in the initial loader file then forget about it.

Edited December 25, 2019 by maxxd
tpyo

ginerjm · December 25, 2019

Yes you could add an extra line of code to do the check. But - the better way is to decide which scripts are your 'major' ones, ie, the ones that start a process. The ones that are used solely as includes/requires (I think of them as modules) do not need to begin a session and that is when you have to think about it.

FWIW - that PHP 'notice' is just that - a notice. Not an error or warning. When you see it make the change. If you have even basic programming skills I don't think you would ever have a script that is both a "trigger" script and an included module.

Have a Merry!

SaranacLake · January 11, 2020

On 12/25/2019 at 8:31 AM, ginerjm said:

Yes you could add an extra line of code to do the check. But - the better way is to decide which scripts are your 'major' ones, ie, the ones that start a process. The ones that are used solely as includes/requires (I think of them as modules) do not need to begin a session and that is when you have to think about it.

My website basically consists of 3 pages - minus error pages.

Page 1 is a login

Page 2 is a menu

Page 3 is a photo gallery

Then I have access-denied and page-not-found scripts.

You need to be logged in for sure to see Page 2 and 3.

So I need a session on pages 1-3 definitely.

So what is the best way to incorporate sessions on all of my non-included pages?

Something like this...

	if ( is_session_started() === FALSE ) session_start();

I swear that when I learned PHP the books I read said to just stick session_start at the top of every pages and PHP would know whether the session had already been started.

If that isn't true, then how do you do things?

On 12/25/2019 at 8:31 AM, ginerjm said:

FWIW - that PHP 'notice' is just that - a notice. Not an error or warning.

So if I just left things as they are then no real harm?

(Of course I want to write good code!!)

ginerjm · January 11, 2020

You ask what to do with "non-included" scripts. Well - if they are not being used as includes then it sounds like they are what I called major scripts, meaning that they start a process. So - yes, do a session start.

A notice is a notice. As I also said - if you see a notice, fix that script.

SaranacLake · January 11, 2020

4 hours ago, ginerjm said:

You ask what to do with "non-included" scripts. Well - if they are not being used as includes then it sounds like they are what I called major scripts, meaning that they start a process. So - yes, do a session start.

A notice is a notice. As I also said - if you see a notice, fix that script.

Right, and I also asked what is the best way to fix that notice.

Currently I have this in all of my "major" scripts...

	// Initialize session. session_start();

And I asked if this would solve the problem...

	if(!isset($_SESSION)){      session_start(); }

Or maybe this..

if ( is_session_started() === FALSE ) session_start();

[code]

OR maybe you have an even better approach?

I'm asking for some help here because obviously how I thought you set up sessions is wrong!

Thanks.

benanamen · January 11, 2020

4 minutes ago, SaranacLake said:

maybe you have an even better approach?

The better approach is to have a single point of entry to the site/application. Then as mentioned, you set the session once in the main file.

Here is a free video series tutorial on Php by the Laravel Laracast guy. Even I, after more than 30 years of programming learned several new things.

https://laracasts.com/series/php-for-beginners

SaranacLake · January 11, 2020

1 minute ago, benanamen said:

The better approach is to have a single point of entry to the site/application. Then as mentioned, you set the session once in the main file.

Here is a free video series tutorial on Php by the Laravel Laracast guy. Even I, after more than 30 years of programming learned several new things.

https://laracasts.com/series/php-for-beginners

Thanks, but no. I am looking to fix how I currently sue sessions, not re-architect my site.

benanamen · January 11, 2020

1 minute ago, SaranacLake said:

Thanks, but no. I am looking to fix how I currently sue sessions, not re-architect my site.

I'm sorry, I assumed you wanted to learn how to do things better. My bad.

SaranacLake · January 11, 2020

I see various comments on how to do things in the manual, but I don't know which approach is best...

https://www.php.net/manual/en/function.session-status.php

SaranacLake · January 11, 2020

Just now, benanamen said:

I'm sorry, I assumed you wanted to learn how to do things better. My bad.

You are proposing that I take a class on PHP. That is overkill.

I am just interested right now in refactoring this particular problem without going for gold-plating! 😉

benanamen · January 11, 2020

1 minute ago, SaranacLake said:

I am just interested right now in refactoring this particular problem

In that case, just remove the session start from your include files. You should have no need to check if a session has been started.

SaranacLake · January 11, 2020

2 minutes ago, benanamen said:

In that case, just remove the session start from your include files. You should have no need to check if a session has been started.

I have already said I do NOT have sessions in my include files...

benanamen · January 11, 2020

Tell you what, if you can provide a zip of your files I will review it and tell you what is wrong.

SaranacLake · January 11, 2020

1 minute ago, benanamen said:

Tell you what, if you can provide a zip of your files I will review it and tell you what is wrong.

You really like to troll for other people's code, don't you?

Not interested in your help.

There are others here that will answer my questions...

benanamen · January 11, 2020

OMG! I could care less about your code dude! I was just trying to help you. Good luck getting assistance with that attitude.

Edited January 11, 2020 by benanamen

kicken · January 11, 2020

On 12/24/2019 at 9:00 PM, SaranacLake said:

I was sure that I learned in some PHP book that you just include session_start() at the top of every script, and that PHP was smart enough to figure out if you were starting the session for the first time, or continuing from another page?!

That isn't the case, huh????

session_start will automatically determine if your starting a new session or resuming one that already exists, but this is not what your error is referring to. The error you're seeing relates to calling session_start multiple times within the same request. The function is only intended to be called once at the start of your request, which is not the same as at the start of every *.php file you have.

If you want to have your separate pages that people request and not re-design your application to use a common front-end script or some framework then what you should do is have a common include file that handles your session (and other stuff as needed) and include that in each of your main entry pages using require_once.

So your entry points should be coded something like:

<?php

require_once './includes/common.php';

//whatever else your script does

And your common include would just be

<?php

session_start();

//whatever other common code you want

This common include could contain things like your session management code, database connection code, function definitions, etc.

Note: there's also a php.ini setting called session.auto_start. If you've enabled that then you don't need to manually call session_start().

SaranacLake · January 11, 2020

@kicken to the rescue!!

52 minutes ago, kicken said:

session_start will automatically determine if your starting a new session or resuming one that already exists, but this is not what your error is referring to.

So I was right on that point.

52 minutes ago, kicken said:

The error you're seeing relates to calling session_start multiple times within the same request. The function is only intended to be called once at the start of your request, which is not the same as at the start of every *.php file you have.

My website is super simple and only consists of 4 main pages, and then some extra things like page-not-found scripts.

Could the issue be caused by my mod_rewrites?

52 minutes ago, kicken said:
If you want to have your separate pages that people request and not re-design your application to use a common front-end script or some framework then what you should do is have a common include file that handles your session (and other stuff as needed) and include that in each of your main entry pages using require_once.

So your entry points should be coded something like:
<?php

require_once './includes/common.php';

//whatever else your script does
And your common include would just be
<?php

session_start();

//whatever other common code you want
This common include could contain things like your session management code, database connection code, function definitions, etc.

Waiting for your answer to the previous questions, but if my page is loading multiple times, then how would an include solve that issue?

52 minutes ago, kicken said:

Note: there's also a php.ini setting called session.auto_start. If you've enabled that then you don't need to manually call session_start().

I am a aware of that, but I prefer solving things in code since I am not an Apache expert.

So I was going to say that I think this would be the way to solve my issue...

	if(session_status() == PHP_SESSION_NONE){
	    //session has not started
	    session_start();
	}

I guess you will say that while correct, I don't need that code, right?

kicken · January 12, 2020

9 hours ago, SaranacLake said:

Could the issue be caused by my mod_rewrites?

No

9 hours ago, SaranacLake said:

Waiting for your answer to the previous questions, but if my page is loading multiple times, then how would an include solve that issue?

It doesn't matter how many times your page is loaded. What matters is what happens in your code on each individual request.

On each request, your code can only call session_start() once. If you try and call it more than once, then you get your error. If you call session_start in your main page and also put calls to session_start in files that you include into your pages then you'll call it multiple times. First from your main script, then again for each include.

The easiest way to accomplish this is to literally only call it once. In other words, if you were to search all the files in your entire project for the phrase session_start(), you should only get one result.

So a simple way to accomplish that would be to put your session start code into some separate file, say session_start.php then replace all your existing session_start() calls with require_once 'session_start.php'; (path adjusted as necessary).

9 hours ago, SaranacLake said:

I guess you will say that while correct, I don't need that code, right?

If your code is correctly structured such that your only calling session_start once, then there should be no need to check the session status prior to calling session_start, though doing so may be beneficial in case the session.auto_start php.ini setting gets enabled.

kicken · January 12, 2020

9 hours ago, SaranacLake said:

Quote

Note: there's also a php.ini setting called session.auto_start. If you've enabled that then you don't need to manually call session_start().

I am a aware of that, but I prefer solving things in code since I am not an Apache expert.

I pointed that out not because I recommend using it, but so that you're aware of it and can check it. You say you get this error on one sever but not the other. That kind of situation tends to be due to configuration differences, such as one being configured as session.auto_start=On and the other being session.auto_start=Off.

SaranacLake · January 12, 2020

8 hours ago, kicken said:

No

It doesn't matter how many times your page is loaded. What matters is what happens in your code on each individual request.

On each request, your code can only call session_start() once. If you try and call it more than once, then you get your error. If you call session_start in your main page and also put calls to session_start in files that you include into your pages then you'll call it multiple times. First from your main script, then again for each include.

The easiest way to accomplish this is to literally only call it once. In other words, if you were to search all the files in your entire project for the phrase session_start(), you should only get one result.

So a simple way to accomplish that would be to put your session start code into some separate file, say session_start.php then replace all your existing session_start() calls with require_once 'session_start.php'; (path adjusted as necessary).

If your code is correctly structured such that your only calling session_start once, then there should be no need to check the session status prior to calling session_start, though doing so may be beneficial in case the session.auto_start php.ini setting gets enabled.

I created a "/utilities/session.php" script and require_once that script in may main scripts.

Unfortunately, that didn't fix the issue.

I then added into "session.php" this...

	if (session_status() === PHP_SESSION_NONE){
	    start_session();
	}

That made my error go away.

I understand what you say about, but when I look at my "index.php", I do NOT include any other PHP scripts which contain a start_session(). (My "index.php includes a "config.php" file and that's it. SO what you are claiming CANNOT be an issue. And that page is nothing more than a login form.)

Likewise, if I look at my "menu.php" script which is where you go after you login, the only script I include is "config.php" which just has constants defined in it.

So while I don't deny what you are saying that calling a script with a start_session() in it multiple times will cause an error, that is not happening in my case.

Creating a session.php script is a good way to consilidate code, though.

But only adding the session_status() fixed my problem fwiw.

Sign In

session_start( )

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information