Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2006
    Posts
    54

    Error in Php... Help Needed

    This The Error "
    Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at E:\webroot\Sessions\session.php:1) in E:\webroot\Sessions\session.php on line 2
    "


    And This The Page Code


    <?php
    session_start();
    ?>
    <html>
    <head>
    <title>Starting or Resuming a Session</title>
    </head>
    <body>
    <?php

    print "<p>Welcome, your session ID is ".session_id()."</p>\n\n";
    ?>
    </body>
    </html>
    Last edited by youth_nation; 11-23-2008 at 10:56 AM.
    WHAT GOOD IS ALIFE THAT LEAVE NATHING BEHIND NOT ATHOUGHT OR ADREAM THAT MIGHT ECHO IN TIME

  2. #2
    Join Date
    Apr 2004
    Location
    Nr London, UK
    Posts
    831
    Most likely you have a newline before you open your <? tags. This is sent to the browser at output time and thus your headers have already been sent.

    The best way to solve this would be to remove the new line.

    Alternatively, edit your php.ini file, and change output_buffering to either On, or a value depending on what you require.

    It is better to NOT rely on output_buffering at all so please do the first.

    http://uk2.php.net/manual/en/outcont...figuration.php

    http://uk2.php.net/headers_sent

    EDIT: Please also use [CODE] tags for you code as it makes it far easier to read
    Last edited by martinco; 11-23-2008 at 04:40 PM.

  3. #3
    Join Date
    Apr 2004
    Location
    Nr London, UK
    Posts
    831
    Whilst on the topic of sessions, if you plan on using them to see who is logged in and using them for any user data (why else would you have them i would ask)

    Please read up about session fixation, and session hijacking:

    http://en.wikipedia.org/wiki/Session_fixation

    http://phpsec.org/projects/guide/4.html

    And last but not least, the ever present Google:

    http://www.google.co.uk/search?hl=en...G=Search&meta=

  4. #4
    Join Date
    Feb 2006
    Posts
    54
    Martinco Thanx Alot For Taking The Time To Reply And Supply Me with All This Info Abt session

    Well I Was Only Trying To Use Sessions To Keep Track Of The Logged USers As U guessed Already But Obviously After checking The Links U gave Me It Seems That Its More Exposed For attacks So I am VEry Opened If U can Recommened Me Another Way Of Doing The Same thing Without Using Session

    And Also It Wud Be Great If U Stay Along With Me Till Finish This Project Am Trying to Do And Of Course Most of it The Login System

    Thank u
    WHAT GOOD IS ALIFE THAT LEAVE NATHING BEHIND NOT ATHOUGHT OR ADREAM THAT MIGHT ECHO IN TIME

  5. #5
    Join Date
    Apr 2004
    Location
    Nr London, UK
    Posts
    831
    Ok.

    You usage of sessions is what they are there for (one of the reasons anyhow) - It is not more or less exposed than using cookies for example. If you had a cookie which contained:

    u=username&loggedin=1 for instance that is instantly exploitable by anyone just by creating their own cookie, at least if you had a session with that data in, they would need to either, force you into using an SSID of their choosing, OR finding out which one you are using during browsing.

    The countermeasures section of that wiki article does contain more information about what you can do and SHOULD do when using php.

    http://en.wikipedia.org/wiki/Session...unter-measures

    Another extreeeeeeeeeeemly useful source of information is the PHP manual, never let it not be by you side (virtually anyhow). In particular read the user posts on the matter, they are countless help and can contain hints to most common usages for a given function.

    http://uk3.php.net/session_regenerate_id

    The other way (just to answer you post) is to use COOKIES, again these have their own set of fun and in most cases would be less secure than SESSIONS if you handle them wrong.

    By all means ask away in the forums, There are a few people that visit regularly and check often. However, it would be counter productive to give you a login code base to use (although useful).

    There are other posts on here about login security here - the most recent:

    http://www.3dbuzz.com/vbforum/showthread.php?t=168543

    Google has allot of answers, as you've guessed it, this is a common thing to want to know.

    The only way to learn is by falling over just do it in a padded cell RE: PHP

  6. #6
    Join Date
    Feb 2006
    Posts
    54
    Looll dnt Worry am Doing Nathing But Falling I have Been In This Issue Of Logging In Since Aweek But Its Ok Actually Php Is fun

    Thanx alot martinco i Will consider The Resources That U gave Me And I will See What I can do With Them Thanx Alot AGAIN MArtinco .
    WHAT GOOD IS ALIFE THAT LEAVE NATHING BEHIND NOT ATHOUGHT OR ADREAM THAT MIGHT ECHO IN TIME

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •