session_start() and header('location:') redirect

Question

Possible Duplicate:
Headers already sent by PHP

I'm having a problem with session_start() and header('Location:') on a log out php file.

I'm linking to the log out file using a simple anchor tag from a html file. The logout php file is this:

<?php
session_start();
session_destroy();
header("Location: index.php");
?>

To see where the errors where I used,

error_reporting(E_ALL);
ini_set('display_errors', '1');

I got a warning that "Warning: session_start(): Cannot send session cache limiter - headers already sent" on line 4 (where session_start(); is) and Warning: Cannot modify header information - headers already sent on line 6 (where header('Location') is).

I've had a look around for others who have had similar problems. I've made sure there's no whitespace before the session_start(). Nothing is being outputted before it. I've tried only setting session_start() if it's not already set. I've tried buffering it with ob_start(). I tried a relative and absolute path for the redirect just to make sure. But nothing has worked.

Am I missing something? Any help is much appreciated.

It's important to mention *where* you added those `error_reporting()` and `ini_set()` lines. They won't do anything afterwards. — Ja͢ck, Dec 16 '12 at 14:16
`session_start()` is on line 2 in this code. Please give the whole code and put `session_start()` right after ` — , Dec 16 '12 at 14:17
@Jack @lam3r4370 I added them before the `session_start()` so `session_start()` became line 4 and `header` line 6. — nerdarama, Dec 16 '12 at 14:19
They're causing the problem. Remove them or add them in the end of your code. — , Dec 16 '12 at 14:22
the logout file has called directly or is there a rewrite rule? Are you sure that the line 4 is of your logout file? — Luca Rainone, Dec 16 '12 at 14:25
@lam3r4370 I only added them in to see what the error was. Galchen's answer below is what was wrong. Notepad++ setting BOM encoding. Thanks everyone! — nerdarama, Dec 16 '12 at 14:26

galchen · Accepted Answer · 2012-12-16T14:29:24.973

8

check out BOM

http://en.wikipedia.org/wiki/Byte_order_mark

in notepad++ - encoding -> utf8 without BOM

EDIT

just to comment - you should use exit; after header("Location...") to make sure nothing else will run, as recommended in http://php.net/manual/en/function.header.php

edited Dec 16 '12 at 14:29

answered Dec 16 '12 at 14:17

galchen

5,252
3
29
43

Very good notice +1, I bit that the asker is using Windows in his development machine. This makes there is some text sent before session and header. – SaidbakR Dec 16 '12 at 14:18
As an addition, Using a PHP IDE such as netbeans or KomodoEdit making life easier with such issues. – SaidbakR Dec 16 '12 at 14:24
+1 This was it. Thank you! Will accept once the time is up. – nerdarama Dec 16 '12 at 14:27

score 0 · Answer 2 · answered Dec 16 '12 at 14:19

0

Sometimes, the ending ?> tag is known to cause this issue. In a file containing PHP and nothing else, removing ?> almost always solved headers already sent problems for me.

answered Dec 16 '12 at 14:19

Aditya M P

5,127
7
41
72

so? he shouldn't use the end tag :O – Mr. Alien Dec 16 '12 at 14:19
but the ending tag is AFTER the header functions. the end tag doesnt matter here – galchen Dec 16 '12 at 14:20
@galchen is that what you say a good way to go for? what's `exit` used for – Mr. Alien Dec 16 '12 at 14:20
Mr. Alien, I do not understand, are you surprised `?>` is bad? I believe it is best practice to not use it where there is no HTML in a file and only PHP. Almost all frameworks and CMSes I know recommend this. – Aditya M P Dec 16 '12 at 14:22
`exit` plus removing `?>` will be a good combo. Though, its not the case here. – itachi Dec 16 '12 at 14:23
`exit` should be avoided. I have almost completely stopped using it. Use natural logic flow in a way that the script stops, not choke it and `exit`. I use that function for debugging only these days, in conjunction with var_dump() – Aditya M P Dec 16 '12 at 14:25
@Mr.Alien i never use ?>. i think it's a better practice to avoid it when it's not needed. after header('Location..') it's best to use exit or end the script (and ending tag and EOF are fine). Even in the php.net example they are using exit; (http://php.net/manual/en/function.header.php) – galchen Dec 16 '12 at 14:27

score 0 · Answer 3 · answered Dec 16 '12 at 14:25

PHP *session_destroy()* is only one part of the matter. You also need to explicitly remove the data from the $_SESSION array. You may also need to clean up the cookies. You cannot test this successfully if you have more than one instance of the browser (window or tab) open at the same time -- they all share the same cookie jar, and thus share the same PHP session.

You may be able to read this link: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

This code is a good logout example.

<?php
session_start();
// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();

// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
   setcookie(session_name(), '', $cookie_expires, '/');
}

// TELL PHP TO ELIMINATE THE SESSION
session_destroy();

// SAY GOODBYE...
echo "YOU ARE LOGGED OUT$uid.  GOODBYE.";

// OR REMOVE THE GOODBYE MESSAGE AND ACTIVATE THESE LINES TO REDIRECT TO THE HOME PAGE
// header("Location: /");
// exit;

Shahbaz Pothiawala · Answer 4 · 2012-12-16T14:39:15.220

-3

copy paste this

<?
session_start();
session_unset();
session_destroy();
ob_start();
header("location:home.php");
ob_end_flush();
exit();
?>

edited Dec 16 '12 at 14:39

answered Dec 16 '12 at 14:30

Shahbaz Pothiawala

1,175
5
20
38

This is completely wrong and wouldn't solve his problem. The problem is already solved. – Wouter J Dec 16 '12 at 14:51

session_start() and header('location:') redirect

4 Answers4