By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,117 Members | 2,142 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,117 IT Pros & Developers. It's quick & easy.

session_start issue

P: n/a
I'm running into an issue with session_start(). I see that you can't
run it twice, otherwise it causes an issue. That's fine, and makes
sense. I also saw some ideas on how to get around this if you need to
run it more than once, and I get those as well, but none are working
for me.
Here's a mockup of what I have:

index.php
info.php
lib/common.php
lib/output.php

index.php
<?php
require_once('lib/common.php');
require_once('lib/output.php');

sessionStart();

runout();
?>

info.php
<?php
require_once('lib/common.php');
require_once('lib/output.php');

sessionStart();

output("Hello World");

outputStop();
?>

lib/common.php
<?php
ob_start();

function startSession()
{
if(!isset($_SESSION))
{
session_start();
}
}

?>

lib/output.php
<?php
require_once('lib/common.php');
sessionStart();

function output($out)
{
$_SESSION['output'] .= $out;
}

function outputStop()
{
header("Location: index.php");
}

function outrun()
{
echo $_SESSION['output'];
}
?>

As near as I can tell (I have other session variables that this is
happening to) the sessionStart function in output.php is interfearing
with the one in info.php. When I comment the one from output.php out,
my scripts run fine, but with it I get errors, usually something about
a class not being fully defined (from another lib/*.php file).
Can anyone see anything wrong with what I'm doing? The only reason I'm
doing it this way is so users can't use the back button (I'm working on
a game, and would rather not have people hit back to try and get around
stuff, but that would be to their detrememnt probably anyway) so all
the output is done by index.php (in this example at least). I am
storing the output info in the session variable so index.php can
actually use it.
Of course, on the other hand, if someone has an idea for getting around
the "Back" issue without doing it this way, I'm open to suggestions.
Although I'd probably have to run stuff through a filter of some sort
still, just for security purposes, but that's another story.

Oct 9 '06 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Well first off I see that you are calling sessionStart() a few times
but the function you have written is called startSession(), which looks
like your session would never get started.

Be warned that sessions won't work unless the user has cookies enabled,
and a clever user could modify cookies as they see fit. If your
hosting provider allows htaccess files, I would suggest using
auto_prepend_file. It will allow you to include a file at the top of
any page that is requested and it can be applied at the directory
level. See http://httpd.apache.org/docs/1.3/howto/htaccess.html for
how to set this up, and you might have to search around for
auto_prepend_file, but the syntax is like this:

php_value auto_prepend_file prepend.php

That's it.

prepend.php might look like this:

<?php

session_start();
if(empty($_SESSION))
{
// it's a new session, do your thing
}

?>

Also note that even by setting session.gc_maxlifetime, your session
might expire earlier or later than you planned. See this article:
http://blog.centresource.com/2006/05...-an-adventure/

pa***********@gmail.com wrote:
I'm running into an issue with session_start(). I see that you can't
run it twice, otherwise it causes an issue. That's fine, and makes
sense. I also saw some ideas on how to get around this if you need to
run it more than once, and I get those as well, but none are working
for me.
Here's a mockup of what I have:

index.php
info.php
lib/common.php
lib/output.php

index.php
<?php
require_once('lib/common.php');
require_once('lib/output.php');

sessionStart();

runout();
?>

info.php
<?php
require_once('lib/common.php');
require_once('lib/output.php');

sessionStart();

output("Hello World");

outputStop();
?>

lib/common.php
<?php
ob_start();

function startSession()
{
if(!isset($_SESSION))
{
session_start();
}
}

?>

lib/output.php
<?php
require_once('lib/common.php');
sessionStart();

function output($out)
{
$_SESSION['output'] .= $out;
}

function outputStop()
{
header("Location: index.php");
}

function outrun()
{
echo $_SESSION['output'];
}
?>

As near as I can tell (I have other session variables that this is
happening to) the sessionStart function in output.php is interfearing
with the one in info.php. When I comment the one from output.php out,
my scripts run fine, but with it I get errors, usually something about
a class not being fully defined (from another lib/*.php file).
Can anyone see anything wrong with what I'm doing? The only reason I'm
doing it this way is so users can't use the back button (I'm working on
a game, and would rather not have people hit back to try and get around
stuff, but that would be to their detrememnt probably anyway) so all
the output is done by index.php (in this example at least). I am
storing the output info in the session variable so index.php can
actually use it.
Of course, on the other hand, if someone has an idea for getting around
the "Back" issue without doing it this way, I'm open to suggestions.
Although I'd probably have to run stuff through a filter of some sort
still, just for security purposes, but that's another story.
Oct 9 '06 #2

P: n/a
Hmm Uzytkownik <jo*********@gmail.comwrote:
prepend.php might look like this:

<?php

session_start();
if(empty($_SESSION))
{
// it's a new session, do your thing
}
this is wrong solution, because some1 can send sesID to other and they will
work on same session, only one solution - use login and pass then don't
allow multilogin on same account
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this =mysql_query();
Oct 10 '06 #3

P: n/a


On Oct 10, 7:31 am, ".:[ ikciu ]:." <n...@mail.comwrote:
Hmm Uzytkownik <jody.mic...@gmail.comwrote:
prepend.php might look like this:
<?php
session_start();
if(empty($_SESSION))
{
// it's a new session, do your thing
}this is wrong solution, because some1 can send sesID to other and they will
work on same session, only one solution - use login and pass then don't
allow multilogin on same account
This only applies if the session is being used to do something
important of course. Stealing a session may not be dangerous if all it
is used for is, for example, keeping a list of read news group
articles. Also this method has problems in terms of coping with users
who do not log out. You have to build some kind of automatic log out.
I've seen systems like this and they can be a bugger to work with.

I would suggest linking the session to the IP if you're feeling
paranoid.

fletch

Oct 10 '06 #4

P: n/a
Hmm fletch <ri****************@googlemail.comwrote:
You have to build some kind of automatic log out.
I've seen systems like this and they can be a bugger to work with.
I've made my own unique login system :)
I would suggest linking the session to the IP if you're feeling
paranoid.
nope :) still wrong solution :) IP could be dynamicly or some1 can use proxy
:)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this =mysql_query();
Oct 10 '06 #5

P: n/a
Guess that's what I get for just typing it in. They should all be the
same, that's not the issue here.
If I'm reading your post right, it would be the same as reworking
common.php to have it check for the session and if it's not there,
start it up. I'm using XAMP right now, as I'm just developing stuff,
so I don't have to worry about timeouts, but I will keep that in mind
for later.
I changed my common.php as I just described, and still get the same
error. It's related to the session somehow, but I'm not sure how yet.
Here's the message I get:

Fatal error: main() [<a href='function.main'>function.main</a>]: The
script tried to execute a method or access a property of an incomplete
object. Please ensure that the class definition &quot;Output&quot; of
the object you are trying to operate on was loaded _before_
unserialize() gets called or provide a __autoload() function to load
the class definition in C:\xampplite\htdocs\game\characterselect.php on
line 16
>From this, you can see that it's trying to run a function from the
Output class (something I'm working on changing actually, it's a little
too cumbersome the way it is now). Line 16 says this $out->clear();
Basicly, $out is mapped to $_SESSION['output'], and clear() just makes
sure the output is empty so I can write new information to it.

Does this give any more clues? I am including my lib/output.php file,
and I just made sure that it was loading it, it is. Here are lines 15
and 16, just as a clarification:

$out = &$_SESSION['output']; // $out is refrenced to the session
variable
$out->clear(); // clear the output

jo*********@gmail.com wrote:
Well first off I see that you are calling sessionStart() a few times
but the function you have written is called startSession(), which looks
like your session would never get started.

Be warned that sessions won't work unless the user has cookies enabled,
and a clever user could modify cookies as they see fit. If your
hosting provider allows htaccess files, I would suggest using
auto_prepend_file. It will allow you to include a file at the top of
any page that is requested and it can be applied at the directory
level. See http://httpd.apache.org/docs/1.3/howto/htaccess.html for
how to set this up, and you might have to search around for
auto_prepend_file, but the syntax is like this:

php_value auto_prepend_file prepend.php

That's it.

prepend.php might look like this:

<?php

session_start();
if(empty($_SESSION))
{
// it's a new session, do your thing
}

?>

Also note that even by setting session.gc_maxlifetime, your session
might expire earlier or later than you planned. See this article:
http://blog.centresource.com/2006/05...-an-adventure/

pa***********@gmail.com wrote:
I'm running into an issue with session_start(). I see that you can't
run it twice, otherwise it causes an issue. That's fine, and makes
sense. I also saw some ideas on how to get around this if you need to
run it more than once, and I get those as well, but none are working
for me.
Here's a mockup of what I have:

index.php
info.php
lib/common.php
lib/output.php

index.php
<?php
require_once('lib/common.php');
require_once('lib/output.php');

sessionStart();

runout();
?>

info.php
<?php
require_once('lib/common.php');
require_once('lib/output.php');

sessionStart();

output("Hello World");

outputStop();
?>

lib/common.php
<?php
ob_start();

function startSession()
{
if(!isset($_SESSION))
{
session_start();
}
}

?>

lib/output.php
<?php
require_once('lib/common.php');
sessionStart();

function output($out)
{
$_SESSION['output'] .= $out;
}

function outputStop()
{
header("Location: index.php");
}

function outrun()
{
echo $_SESSION['output'];
}
?>

As near as I can tell (I have other session variables that this is
happening to) the sessionStart function in output.php is interfearing
with the one in info.php. When I comment the one from output.php out,
my scripts run fine, but with it I get errors, usually something about
a class not being fully defined (from another lib/*.php file).
Can anyone see anything wrong with what I'm doing? The only reason I'm
doing it this way is so users can't use the back button (I'm working on
a game, and would rather not have people hit back to try and get around
stuff, but that would be to their detrememnt probably anyway) so all
the output is done by index.php (in this example at least). I am
storing the output info in the session variable so index.php can
actually use it.
Of course, on the other hand, if someone has an idea for getting around
the "Back" issue without doing it this way, I'm open to suggestions.
Although I'd probably have to run stuff through a filter of some sort
still, just for security purposes, but that's another story.
Oct 10 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.