PHP Headers already sent - session_start() and setcookie()

Question

function sec_session_start() {
$session_name = 'exon_id_sessfval';
$secure = false;
$httponly = true;
ini_set('session.use_only_cookies', 1);
$cookieParams = session_get_cookie_params(); 
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
session_name($session_name);
session_start();
session_regenerate_id();
}

The following code above generates a headers already sent warning when in relation to session_start() even if I use ob_start() on the first line to try to ignore the problem.

its called on a page like follows:

<?php 
include('./inc/sessions.php');
sec_session_start();
header("Location: index.php");

Any advice? Of course the header is included in a logical operator to check with a user is logged in, but its not outputting anything. The traceback comes to session_start() so I take it that it has something to do with cookie only sessions.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /customers/b/2/5/edited.com/httpd.www/beta/login.php:1) in /customers/b/2/5/edited.com/httpd.www/beta/inc/sessions.inc.php on line 11

Warning: session_regenerate_id(): Cannot regenerate session id - headers already sent in /customers/b/2/5/edited.com/httpd.www/beta/inc/sessions.inc.php on line 12

Warning: Cannot modify header information - headers already sent by (output started at /customers/b/2/5/edited.com/httpd.www/beta/login.php:1) in /customers/b/2/5/edited.com/httpd.www/beta/login.php on line 13

You obviously have output above one of your files and could be inside one of your included files. Anything above ` — Funk Forty Niner, Sep 06 '13 at 19:30
try to put session_start(); as first as possible in your page — Charaf JRA, Sep 06 '13 at 19:31

score 3 · Accepted Answer · answered Sep 06 '13 at 19:35

3

You obviously have output above one of your files and could be inside one of your included files. Anything above <?php is considered as output.

"Anything" could be HTML, text, a space, a tab, a BOM (byte order mark), even a cookie.

answered Sep 06 '13 at 19:35

Funk Forty Niner

74,450
15
68
141

Yes, thanks. BOM Character it was – Resurgent Sep 06 '13 at 19:36
@user1597648 You're welcome and that's what I thought. Also a cookie will also be considered as output, strangely enough. – Funk Forty Niner Sep 06 '13 at 19:36
@user1597648 If you can accept my answer as the correct one, that way it won't remain as "unanswered". Cheers – Funk Forty Niner Sep 06 '13 at 19:38
5 Minutes until I can accept. Thanks for your assistance. – Resurgent Sep 06 '13 at 19:39

score 1 · Answer 2 · answered Sep 06 '13 at 19:33

1

Yes, I just checked.

I selected Encoding UTF-8 without BOM in Notepad+++ and it solved the problem.

Thanks.

answered Sep 06 '13 at 19:33

Resurgent

525
2
9
20

score 0 · Answer 3 · answered Sep 06 '13 at 19:34

Put ob_start(); at the beginning of your script. It enables output buffering, so nothing will be printed until the script finishes (or you flush the buffer manually).

Also remember that any character (including spaces, line breaks and stuff like that) is considered output. The first characters of any PHP file need to be <?php.

PHP Headers already sent - session_start() and setcookie()

3 Answers3