Session Start PHP error message Cannot send session cache limiter - headers already sent

Question

I am using quite a simple php script (login.php) to let a user log in to a protected page. However, I keep getting these error messages

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/sites/f/mysite.co.uk/public_html/users/login.php:15) in /var/sites/f/mysite.co.uk/public_html/users/login.php on line 36

Warning: Cannot modify header information - headers already sent by (output started at /var/sites/f/freedomprogramme.co.uk/public_html/users/login.php:15) in /var/sites/f/freedomprogramme.co.uk/public_html/users/login.php on line 39

and the page won't redirect to the Welcome page, which has this line at the top

<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("Location: login.php");
}
else
{
?>

Here are the contents of login.php

<!doctype html>
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login</h1>
<form action="" method="post">
<label>Username:</label><input type="text" name="user"><br/>
<label>Password:</label><input type="password" name="pass"><br/>
<input type="submit" value="Login" name="submit"><br/>
<!--New user Register Link -->
<p><a href="register.php">New User Registration!</a></p>
</form>
<?php
if(isset($_POST["submit"])){
if(!empty($_POST['user']) && !empty($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
//DB Connection
$conn = new mysqli('xxxx', 'yyyy', 'zzzz') or die(mysqli_error());
//Select DB From database
$db = mysqli_select_db($conn, 'yyyy') or die("databse error");
//Selecting database
$query = mysqli_query($conn, "SELECT * FROM userpass WHERE user='".$user." AND pass='".$pass."'");
$numrows = mysqli_num_rows($query);
if($numrows !=0)
{
while($row = mysqli_fetch_assoc($query))
{
$dbusername=$row['user'];
$dbpassword=$row['pass'];
}
if($user == $dbusername && $pass == $dbpassword)
{
session_start();
$_SESSION['sess_user']=$user;
//Redirect Browser
header("Location:welcome.php");
}
}
else
{
echo "Invalid Username or Password!";
}
}
else
{
echo "Required All fields!";
}
}
?>
</body>
</html>

Any help appreciated. Thanks in advance

You already have some output before `session_start();`. Put this `session_start();` at the very top of your PHP scripts. — Rajdeep Paul, Dec 21 '16 at 19:50

score 1 · Accepted Answer · answered Dec 21 '16 at 19:50

1

You need to move

<?php if(isset($_POST["submit"])){ ... ... ... } ?>

To the top of the page, before <!doctype html>.

The reason is that the headers of a HTTP response must always be before the body. But in your code the body (HTML) is before the functions which send headers (session_start() and header())

answered Dec 21 '16 at 19:50

Xymanek

1,357
14
25

including `session_start();` – Funk Forty Niner Dec 21 '16 at 20:00
1

Great- thanks - that worked. – Joel Dec 21 '16 at 21:10
I thought I would have had to let the user input the username and password before checking it matched and forwarding them to the Welcome page, but obviously not! Thanks for your help – Joel Dec 21 '16 at 21:12

score 1 · Answer 2 · answered Dec 21 '16 at 19:59

"Headers already sent" means that your PHP script already sent the HTTP headers, and as such it can't make modifications to them now.

Check that you don't send ANY content before calling session_start. Better yet, just make session_start the first thing you do in your PHP file (so put it at the absolute beginning, before all HTML etc).

Session Start PHP error message Cannot send session cache limiter - headers already sent

2 Answers2