session_start issue

paladin.rithe

I'm running into an issue with session_start() . I see that you can't
run it twice, otherwise it causes an issue. That's fine, and makes
sense. I also saw some ideas on how to get around this if you need to
run it more than once, and I get those as well, but none are working
for me.
Here's a mockup of what I have:

index.php
info.php
lib/common.php
lib/output.php

index.php
<?php
require_once('l ib/common.php');
require_once('l ib/output.php');

sessionStart();

runout();
?>

info.php
<?php
require_once('l ib/common.php');
require_once('l ib/output.php');

sessionStart();

output("Hello World");

outputStop();
?>

lib/common.php
<?php
ob_start();

function startSession()
{
if(!isset($_SES SION))
{
session_start() ;
}
}

?>

lib/output.php
<?php
require_once('l ib/common.php');
sessionStart();

function output($out)
{
$_SESSION['output'] .= $out;
}

function outputStop()
{
header("Locatio n: index.php");
}

function outrun()
{
echo $_SESSION['output'];
}
?>

As near as I can tell (I have other session variables that this is
happening to) the sessionStart function in output.php is interfearing
with the one in info.php. When I comment the one from output.php out,
my scripts run fine, but with it I get errors, usually something about
a class not being fully defined (from another lib/*.php file).
Can anyone see anything wrong with what I'm doing? The only reason I'm
doing it this way is so users can't use the back button (I'm working on
a game, and would rather not have people hit back to try and get around
stuff, but that would be to their detrememnt probably anyway) so all
the output is done by index.php (in this example at least). I am
storing the output info in the session variable so index.php can
actually use it.
Of course, on the other hand, if someone has an idea for getting around
the "Back" issue without doing it this way, I'm open to suggestions.
Although I'd probably have to run stuff through a filter of some sort
still, just for security purposes, but that's another story.

Oct 9 '06 #1

Subscribe Reply

1725

jody.mickey

Well first off I see that you are calling sessionStart() a few times
but the function you have written is called startSession(), which looks
like your session would never get started.

Be warned that sessions won't work unless the user has cookies enabled,
and a clever user could modify cookies as they see fit. If your
hosting provider allows htaccess files, I would suggest using
auto_prepend_fi le. It will allow you to include a file at the top of
any page that is requested and it can be applied at the directory
level. See http://httpd.apache.org/docs/1.3/howto/htaccess.html for
how to set this up, and you might have to search around for
auto_prepend_fi le, but the syntax is like this:

php_value auto_prepend_fi le prepend.php

That's it.

prepend.php might look like this:

<?php

session_start() ;
if(empty($_SESS ION))
{
// it's a new session, do your thing
}

?>

Also note that even by setting session.gc_maxl ifetime, your session
might expire earlier or later than you planned. See this article:
http://blog.centresource.com/2006/05...-an-adventure/

pa***********@g mail.com wrote:

I'm running into an issue with session_start() . I see that you can't
run it twice, otherwise it causes an issue. That's fine, and makes
sense. I also saw some ideas on how to get around this if you need to
run it more than once, and I get those as well, but none are working
for me.
Here's a mockup of what I have:

index.php
info.php
lib/common.php
lib/output.php

index.php
<?php
require_once('l ib/common.php');
require_once('l ib/output.php');

sessionStart();

runout();
?>

info.php
<?php
require_once('l ib/common.php');
require_once('l ib/output.php');

sessionStart();

output("Hello World");

outputStop();
?>

lib/common.php
<?php
ob_start();

function startSession()
{
if(!isset($_SES SION))
{
session_start() ;
}
}

?>

lib/output.php
<?php
require_once('l ib/common.php');
sessionStart();

function output($out)
{
$_SESSION['output'] .= $out;
}

function outputStop()
{
header("Locatio n: index.php");
}

function outrun()
{
echo $_SESSION['output'];
}
?>

As near as I can tell (I have other session variables that this is
happening to) the sessionStart function in output.php is interfearing
with the one in info.php. When I comment the one from output.php out,
my scripts run fine, but with it I get errors, usually something about
a class not being fully defined (from another lib/*.php file).
Can anyone see anything wrong with what I'm doing? The only reason I'm
doing it this way is so users can't use the back button (I'm working on
a game, and would rather not have people hit back to try and get around
stuff, but that would be to their detrememnt probably anyway) so all
the output is done by index.php (in this example at least). I am
storing the output info in the session variable so index.php can
actually use it.
Of course, on the other hand, if someone has an idea for getting around
the "Back" issue without doing it this way, I'm open to suggestions.
Although I'd probably have to run stuff through a filter of some sort
still, just for security purposes, but that's another story.

Oct 9 '06 #2

.:[ ikciu ]:.

Hmm Uzytkownik <jo*********@gm ail.comwrote:

prepend.php might look like this:

<?php

session_start() ;
if(empty($_SESS ION))
{
// it's a new session, do your thing
}

this is wrong solution, because some1 can send sesID to other and they will
work on same session, only one solution - use login and pass then don't
allow multilogin on same account
--
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this =mysql_query();

Oct 10 '06 #3

fletch

On Oct 10, 7:31 am, ".:[ ikciu ]:." <n...@mail.comw rote:

Hmm Uzytkownik <jody.mic...@gm ail.comwrote:
prepend.php might look like this:

<?php

session_start() ;
if(empty($_SESS ION))
{
// it's a new session, do your thing
}this is wrong solution, because some1 can send sesID to other and they will
work on same session, only one solution - use login and pass then don't
allow multilogin on same account

This only applies if the session is being used to do something
important of course. Stealing a session may not be dangerous if all it
is used for is, for example, keeping a list of read news group
articles. Also this method has problems in terms of coping with users
who do not log out. You have to build some kind of automatic log out.
I've seen systems like this and they can be a bugger to work with.

I would suggest linking the session to the IP if you're feeling
paranoid.

fletch

Oct 10 '06 #4

.:[ ikciu ]:.

Hmm fletch <ri************ ****@googlemail .comwrote:

You have to build some kind of automatic log out.
I've seen systems like this and they can be a bugger to work with.

I've made my own unique login system :)

I would suggest linking the session to the IP if you're feeling
paranoid.

nope :) still wrong solution :) IP could be dynamicly or some1 can use proxy
:)
--
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~ ~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this =mysql_query();

Oct 10 '06 #5

paladin.rithe

Guess that's what I get for just typing it in. They should all be the
same, that's not the issue here.
If I'm reading your post right, it would be the same as reworking
common.php to have it check for the session and if it's not there,
start it up. I'm using XAMP right now, as I'm just developing stuff,
so I don't have to worry about timeouts, but I will keep that in mind
for later.
I changed my common.php as I just described, and still get the same
error. It's related to the session somehow, but I'm not sure how yet.
Here's the message I get:

Fatal error: main() [<a href='function. main'>function. main</a>]: The
script tried to execute a method or access a property of an incomplete
object. Please ensure that the class definition "Output&qu ot; of
the object you are trying to operate on was loaded _before_
unserialize() gets called or provide a __autoload() function to load
the class definition in C:\xampplite\ht docs\game\chara cterselect.php on
line 16

>From this, you can see that it's trying to run a function from the

Output class (something I'm working on changing actually, it's a little
too cumbersome the way it is now). Line 16 says this $out->clear();
Basicly, $out is mapped to $_SESSION['output'], and clear() just makes
sure the output is empty so I can write new information to it.

Does this give any more clues? I am including my lib/output.php file,
and I just made sure that it was loading it, it is. Here are lines 15
and 16, just as a clarification:

$out = &$_SESSION['output']; // $out is refrenced to the session
variable
$out->clear(); // clear the output

jo*********@gma il.com wrote:

Well first off I see that you are calling sessionStart() a few times
but the function you have written is called startSession(), which looks
like your session would never get started.

Be warned that sessions won't work unless the user has cookies enabled,
and a clever user could modify cookies as they see fit. If your
hosting provider allows htaccess files, I would suggest using
auto_prepend_fi le. It will allow you to include a file at the top of
any page that is requested and it can be applied at the directory
level. See http://httpd.apache.org/docs/1.3/howto/htaccess.html for
how to set this up, and you might have to search around for
auto_prepend_fi le, but the syntax is like this:

php_value auto_prepend_fi le prepend.php

That's it.

prepend.php might look like this:

<?php

session_start() ;
if(empty($_SESS ION))
{
// it's a new session, do your thing
}

?>

Also note that even by setting session.gc_maxl ifetime, your session
might expire earlier or later than you planned. See this article:
http://blog.centresource.com/2006/05...-an-adventure/

pa***********@g mail.com wrote:
I'm running into an issue with session_start() . I see that you can't
run it twice, otherwise it causes an issue. That's fine, and makes
sense. I also saw some ideas on how to get around this if you need to
run it more than once, and I get those as well, but none are working
for me.
Here's a mockup of what I have:

index.php
info.php
lib/common.php
lib/output.php

index.php
<?php
require_once('l ib/common.php');
require_once('l ib/output.php');

sessionStart();

runout();
?>

info.php
<?php
require_once('l ib/common.php');
require_once('l ib/output.php');

sessionStart();

output("Hello World");

outputStop();
?>

lib/common.php
<?php
ob_start();

function startSession()
{
if(!isset($_SES SION))
{
session_start() ;
}
}

?>

lib/output.php
<?php
require_once('l ib/common.php');
sessionStart();

function output($out)
{
$_SESSION['output'] .= $out;
}

function outputStop()
{
header("Locatio n: index.php");
}

function outrun()
{
echo $_SESSION['output'];
}
?>

As near as I can tell (I have other session variables that this is
happening to) the sessionStart function in output.php is interfearing
with the one in info.php. When I comment the one from output.php out,
my scripts run fine, but with it I get errors, usually something about
a class not being fully defined (from another lib/*.php file).
Can anyone see anything wrong with what I'm doing? The only reason I'm
doing it this way is so users can't use the back button (I'm working on
a game, and would rather not have people hit back to try and get around
stuff, but that would be to their detrememnt probably anyway) so all
the output is done by index.php (in this example at least). I am
storing the output info in the session variable so index.php can
actually use it.
Of course, on the other hand, if someone has an idea for getting around
the "Back" issue without doing it this way, I'm open to suggestions.
Although I'd probably have to run stuff through a filter of some sort
still, just for security purposes, but that's another story.

Oct 10 '06 #6

Similar topics

2896

session_start failure

by: Florence HENRY | last post by:

Hello, I've searched about my problem on google before posting, but I didn't find anything relevant... I have a problem with session_start. Here is my code : <html> <head> <?php session_start();

PHP

11147

Session_Start() Doesn't Work

by: Chris Allen | last post by:

Hi I'm new to PHP and I'm trying to create a Login Form. Once the user has logged in then he shouldn't have to log in again. The trouble is I'm getting a new session ID between every page and so it doesn't recognise the user. I've used Session_Start() which I thought was meant to maintain the session variables between pages but it doesn't do work. Any ideas or FAQ's?

PHP

1838

Bizarre session_start error

by: D. Alvarado | last post by:

Hello, I have moved my site to a hosting environment with PHP 4. But I get this bizarre error upon invoking session_start() Warning: session_start(): open(/tmp/php/sessions/b/3/c/sess_b3c32ee4770b585fe49244f043b4dafa, O_RDWR) failed: No such file or directory (2) in /www/i/ikite/htdocs/admin/includes/functions/sessions.php on line 67 Could someone explain what this means, or what more information I should provide?

PHP

8925

How to use "session_start"

by: Mercy | last post by:

Hi, I'm a newbie. I was trying to figure out how to use the Session_start method? The reference books I'm reading say that a session STARTS when "session_start" is called. But ... in their sample code... I never see that explicitly called. Is it supposed to be called from the Global.asa file (still not sure what that is...) Is "session_start" a server-side scripting thing? Or a client-side scripting thing? I'd really appreciate a nice...

.NET Framework

2229

can I still send cookies after I've called session_start()

by: lkrubner | last post by:

I was trying to set a cookie before I called session_start() and it was giving me an error. But isn't sessions really just a cookie? Why would it matter if I sent a cookie before session_start? Can I set them afterwards?

PHP

2171

Session_Start and Microsoft Word 2002 bug?

by: Niklas Uhlin | last post by:

Someone please explain why Session_Start fires multiple times / retains SessionID values between sessions, when you open an ASP.NET page from MS Word. For details of the problem, see below: 1. Create a new C# ASP.NET web application named "demo" and modify Session_Start in Global.asax.cs as follows: protected void Session_Start(Object sender, EventArgs e) { Response.Write("Session_Start event fired at "+

ASP.NET

2222

Session_Start does not appear to fire

by: jcode | last post by:

I have an ASPNET application that has worked correctly on couple of servers. I have just deployed it to another server and cannot resolve an issue. It appears as if the Session_Start is not firing or session state is not being maintained. First lines of Session_Start: string loc = "LoadSettings";

ASP.NET

7919

how do I fix this " Warning: session_start(): Cannot send session cache limiter"

by: lawrence k | last post by:

How can I find out where my script is outputting to the screen for the first time? My error logs are full of stuff like this: PHP Warning: session_start(): Cannot send session cache limiter - headers already sent in /home/httpd/vhosts/monkeyclaus.org/httpdocs/media/audio/pdsIncludes/CommandStartSession.php on line 14

PHP

1023

Session_Start issue

by: =?Utf-8?B?U00=?= | last post by:

Hi, We had the following code in our global.asax.cs file when our code was in ..net 1.1 Please note that our production environment uses SSL ad windows authentication based single sign on. protected void Session_Start(Object sender, EventArgs e) { if (Request.IsSecureConnection == true)

ASP.NET

8481

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8400

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8924

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8602

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

7441

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

5702

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4227

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

4412

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1814

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General