6

So I'm starting my own website and I have the login file pretty much made. I just need to figure out where to put the session_start to keep the user logged in. Where exactly do I put the session_start? Do I put it right in the login file? Or where do I put it?

Thanks for the help

user3053564
  • 77
  • 1
  • 1
  • 4

6 Answers6

9

Put it after your PHP start tag <?php ... like this

<?php
session_start();
//... your code....


//more code....

Read more on sessions from the PHP Manual. Here

Note : Also keep in mind, you need to call session_start(); on each and every page if you are making use of session variables.

Shankar Narayana Damodaran
  • 68,075
  • 43
  • 96
  • 126
5

Put it right after the start tag, or else headers will have been send, and the session, AFAIK, has to be the first header sent

<?php
session_start();
//session code here
?>
scrblnrd3
  • 7,228
  • 9
  • 33
  • 64
2

Right after <?php tag.

Be sure that there is NO output before this function (even a space symbol or so).

Paul Denisevich
  • 2,329
  • 14
  • 19
2

You want to put session_start(); at the top of your page before any other code. However, if you are using includes to make your life easier, it's best to put it at the very top of a file that is included in all files. For instance, when I make a website, I put all of my header code and footer code in separate files and include them in the other files. I also have a functions file that is included in every other page of the website. So for my index file, it may look something like this:

<?php include_once("includes/header.php"); ?>

<div id="content">
    Website Content
</div>

<? include_once("includes/footer.php"); ?>

Then, my header file would start like:

<?php include_once("includes/functions.php"); ?>
<!doctype html>
<html>
    <body>

Then at the top of my functions file:

<?php session_start();

[functions]
?>

In this way, the functions files' code gets ran first, therefore the session start code is the very first thing hit. Why? You cannot have any type of output to the browser before starting a session.

James
  • 3,765
  • 4
  • 48
  • 79
1

it's better to have a separate file other than your login to do some common stuffs. i think your login file will be generally handling user verification and validation thing. so don't include that file on every page.

have one more file that

  • includes all required files
  • keeps all your analytic scripts
  • initializes global variables

and this file you can start with <?php session_start(); ?>

Ashish Sajwan
  • 705
  • 8
  • 16
0

session_start() needs to go in every page/file that refers to $_SESSION (obviously the login page is included).

Because you should only be calling it once, I tend to write a lazy_session_start() method (and tend to put it in an include file):

/**
 * Lazily calls session_start (to prevent warnings).
 */
function lazy_session_start() {
  if (!isset($_SESSION) || !is_array($_SESSION)) {
    session_start();
  }
}

It could be called like so (before you need to use $_SESSION):

<?php
//you must either declare "lazy_session_start" function
//or import the file containing the function definition.
require_once('lazy_session_start.php'); //or something.

lazy_session_start();
//... you may now use the $_SESSION array.
EthanB
  • 4,239
  • 1
  • 28
  • 46