"session has already been started...." exception in Zend Framework application

Question

I get this error when trying to load a Zend Framework application:

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'session has already been started by session.auto-start or session_start()' in /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session.php:462

Stack trace:

#0 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session/Namespace.php(143): Zend_Session::start(true)

#1 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth/Storage/Session.php(87): Zend_Session_Namespace->__construct('Zend_Auth')

#2 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth.php(91): Zend_Auth_Storage_Session->__construct()

#3 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth.php(141): Zend_Auth->getStorage()

#4 /www/htdocs/w00a1ed7/autospin/redaktion/application/layouts/scripts/layout.phtml(31): Zend_Auth->hasIdentity()

#5 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/View.php(108): include('/www/htdocs/w00...')

#6 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/View/Abstract.php(831): Zend_View->_run('/www/htdocs/w00...')

#7 /www/htdocs/w00a1ed in /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session.php on line 462

I Use Zend_Auth and on my local server and it works well, but on a production server I get the preceding error, but not every time.

I have checked that session.autostart is set to 0 in the .htaccess file.

How do I fix this error?

---

Thank you for your Answer, but I do not user session_start() anywhere. Work only with ZF.

I Have this Problem only on shared server, on my local server script works perfectly.

I Use INIT Function with this code:

protected $user;

public function init()
{   
    if(!Zend_Auth::getInstance()->hasIdentity())
    {
        $this->_redirect('auth/login');
    }else
    {
        $this->user = Zend_Auth::getInstance()->getIdentity();
    }
}

I allready try to set tis code only in indexAction, so that other actions do not have to chack the Auth... but still have problems.

Ist there a way to set in an Action to do not check about session or somethink like this?

Beste regards

Answer 1

Before this drives you mad, there's probably nothing wrong with your code!

Check your application.ini for the session save path, for me it is APPLICATION_PATH '/session'

Now check you have the correct permissions! If not then cd into the application folder and type

sudo chmod 777 session
sudo chown -R [usernamehere] session
sudo chgrp -R [usernamehere] session

Job Done!

Answer 2

It's what it says it is. Zend_Auth tries to start a new session, since Zend_Session::start() has not yet been called.

The problem is that Zend_Session::start() has to be called before a session is started. But, since session.autostart is 0 (btw this is in php.ini not .htaccess), you have probably written session_start(); somewhere. You're not allowed to do that, since ZF wishes to have full control over sessions, i.e. you shouldn't access the global session variable directly.

To solve it, search your code files for session_start() and either

1. remove all occurences but one. To notice if it's already been started, set error_reporting(E_ALL|E_STRICT);
2. replace it with Zend_Session::start(); at all places

If you can't find all occurrences, find the one session_start(); that bothers your Zend_Auth::getInstance()->hasIdentity() and solve the problem quick n' dirty with the following snippet

try {
    Zend_Session::start();
} catch(Zend_Session_Exception $e) {
    session_start();
}

If you're using ZF in your whole application, I would go with 2)

Answer 3

I had the same error. On local machine, everything worked fine. On server not. My solution was to put Zend_Session::start(); in the index.php before running bootstrap. So that it looks like this:

<?php
// Define path to application directory
defined('APPLICATION_PATH')
    || define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../application'));

// Define application environment
defined('APPLICATION_ENV')
    || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));

// Ensure library/ is on include_path
set_include_path(implode(PATH_SEPARATOR, array(
    realpath(APPLICATION_PATH . '/../library'),
    get_include_path(),
)));

/** Zend_Application */
require_once 'Zend/Application.php';  

// Create application, bootstrap, and run
$application = new Zend_Application(
    APPLICATION_ENV, 
    APPLICATION_PATH . '/configs/application.ini'
);

error_reporting(E_ALL);
ini_set("display_errors", 1);

Zend_Session::start();

$application->bootstrap()->run();

Answer 4

There are 3 major reasons that produce this issue:

1. session.auto_start should be set to 0 or off. You can check it by placing phpinfo(); in any file and try to access it in browser, then search auto_start is it 0 or off. If not then set it off or 0.
2. Check session path session.save_path in configuration at server. If with default configuration it's displaying error 'session has already been started by session.auto-start or session_start()', set it to '/temp'
3. May be you have used session_start() in your code before zend session initialization.

In most cases the 2nd option is the reason.

Answer 5

If you are developing applications with the RPCL library (RADPHP) and you are getting this error:

Application raised an exception class Zend_Session_Exception with message 'session has already been started by session.auto-start or session_start()',

then here is my solution.

You will be surprised how simple it is. Simple include the line

require_once("zcommon.inc.php");

just after the opening PHP tag in the file containing ZAuth component – usually this is the file with a DataModule form. Of course make sure the file zcommon.inc.php is in your path. This will ensure that the Zend session will start first instead of the RPCL session.

Also make sure the name of the php files in your application correspond to the name of the containing classes.

Answer 6

I'd like to draw your attention to the garbage collection problem, solved here Issues with PHP 5.3 and sessions folder or http://somethingemporium.com/2007/06/obscure-error-with-php5-on-debian-ubuntu-session-phpini-garbage.

After fixing the 'session has already been started' I encountered the GC bug. I suspect that the GC bug might be the root cause for the session bug at least in some instances. So far I have not had enough time to investigate thoroughly, but please comment if GC and session bug are related in your case as well.

Answer 7

In case this of any use, I cleared this error by taking out session related lines from my application/config/application.ini

;resources.session.save_path = APPLICATION_PATH "/../data/session"
;resources.session.use_only_cookies = true
;resources.session.remember_me_seconds = 3600

Thanks to chelmertz for the insight into the cause of the problem.

Answer 8

There is an issue opened for this problem:

#25 "session has already been started by session.auto-start or session_start()" error message is misleading

Answer 9

had the same error. it occured only if two instances of the same session were used at the same time (e.g. two browser instances were loading at the same time). This is a result of php not being able to handle two open sessions with the same id at the same time.

Answer 10

For those moving from one server to another. Another issue can be user that apache runs under. I was running a different user on my old box that was set on the new one. I used configs from my old httpd.conf, and forgot to update the permissions on /var/lib/php/session to reflect the different user.

To test, I changed the perms to 777. Everything worked fine, error was gone:

# cd /var/lib/php
# chmod 0777 session

So I returned the perms and changed the group. Of course change newApacheUser to the user account you are running httpd on IF NOT apache.

# chmod 0770 session
# chown root:newApacheUser session

Something to check out if your still having this issue:

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'session has already been started by session.auto-start or session_start()'

Answer 11

The problem might be related to session.save_path. You can try ini_set('session.save_path', 'path-to-your-session-storage-directory');

Answer 12

I had the same problem and searching through all of the posts including this one I couldn't find an answer until I released that although I had the same exception result, my error was caused by something completely different.

I actually had an issue with autoloading. Because of the problem during Bootstrap I believe this caused the exception above to be shown (hiding the real error).

So if you went through all of the other possible fixes, try commenting out the details in your Bootstrap and see if that gets you past this problem. Obviously you slowly bring back the different parts of the bootstrap to uncover the real problem.

Answer 13

You can try to access the page in a fresh incognito browser.

If it works, maybe it is a browser cache or cookie problem.

An error of this kind could probably appear after using different instances or installations of the same application, which is often the case during development or installation.