Why can't I use session_start() in my php script? It says headers are already sent.

Question

Here are the first few lines of my page:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"&gt;
<?php include_once "dblogin.php";
session_start();
$loggedIn = 0;
if(isset($_SESSION["login"])) {$loggedIn = 1;}
?>

I'm getting the following error:

Cannot send session cookie - headers already sent by (output started at /usr/www/users/simpleof/index.php:2) in /usr/www/users/simpleof/index.php on line 2

From what I've read on other forums, this should be fine because the session_start() is in the first block of php code, but I'm still getting this error.

Answer 1

Sessions must be initiated before any output is sent because it uses cookies which are specified in the header of an HTTP request, which is obviously sent before the body of the request.

Answer 2

There must be something in dblogin.php that is writing to the client. Once writing to the client has begun, you can no longer send headers (and starting a session sends a header that tells the client to create the php session id cookie). You can bypass this by setting output bufferring.

Answer 3

Here's how HTTP protocol works:

You send this kind of header with your browser:

GET /questions/712326/why-cant-i-use-sessionstart-in-my-php-script-it-says-headers-are-already-sen HTTP/1.1
Host: stackoverflow.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fi; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fi-fi,fi;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://stackoverflow.com/questions/tagged/php
Cookie: *censored*
Cache-Control: max-age=0

First server sends you headers:

HTTP/1.x 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Fri, 03 Apr 2009 02:14:49 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: *censored*
Date: Fri, 03 Apr 2009 02:14:49 GMT
Content-Length: 9346

Then server sends you the actual page data

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" >
<html>
<head>    

    <title>Why can't I use session_start() in my php script? It says headers are already sent. - Stack Overflow</title>
    <link rel="stylesheet" href="/Content/all.min.css?v=2743">
   ..snip..

So you see you can't FIRST send HTML data (DOCTYPE) and then header data because header is already processed. You can go around with PHP's Output Control but more recommended is that you use MVC design where you buffer all data that user sees last.

Answer 4

The problem was solved by moving the script containing session_start() above DOCTYPE. I didn't have to use ob_start() or anything.

Answer 5

You either misread or the other forums are wrong. Just because session_start() is in the first "block" of PHP code doesn't mean it will work.

session_start() needs to be run before the headers are sent.

The solution in your case is:

Move session_start(); above <!DOCTYPE html...

Answer 6

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at G:\xampp\htdocs\soria1\configuration.php:2) in G:\xampp\htdocs\soria1\login.php on line 119

this is my problem how can i solve this??? the session_start(); is above the docsxhtml.. please help me..