Sessions - stopped working

Security and PHP
#1

Hi

I am new to php and have been working on setting up a website with certain pages password protected. I have a user registration form saving the information on mysql which seems to work fine and when I launched the login/registration part of my website it seemed to work fine for the first 24 hours (with over 100 users registering).

After this initial period it just stopped working - the registration is still working and new users can been added but the first of the password protected pages won’t load.

This is the php script that I have to check for the session variable being set before loading the page or redirecting to the page called assess.php where the user is asked to login or register

<?php session_start(); // Start the session. if (!isset($_SESSION['username'])) { (header("Location: assess.php")); exit(); // Quit the script. } ?>

Nothing seems to happen - it just shows a blank page where as initially it all worked fine.
Any suggestions - what am I missing?
Thanks in advance

#2

Do you have errors reporting turned in?

If not you can add these statements just after the <?php

[php]ini_set(‘display_errors’,1);
ini_set(‘display_startup_errors’,1);
error_reporting(-1);[/php]

It might give you some clues as to what can be happening.

#3

Hi

Thanks for the quick reply - I added the code and got
Cannot modify header information - headers already sent by (output started at /www/sites/f91/56…

referring to the line I used to redirect to the login page using header(‘Location’:assess.php)

As I said initially it all worked fine for about 24 hours and then suddenly stopped?
Any help much appreciated.

#4
As I said initially it all worked fine for about 24 hours and then suddenly stopped?
- Stop thinking that way, something got changed.

I have a feeling you’re not sharing all the code…

That error means that you most likely started to output HTML code and then you are redirecting it to a new page which is not allowed.

Hence,

output started at /www/sites/f91/56…

You’re outputting something there, then doing a re-direct is that mini snippet you posted.

#5

The following code is at the top of the password protected page…before the html
[php]<?php
ini_set(‘display_errors’,1);
ini_set(‘display_startup_errors’,1);
error_reporting(-1);
session_start();
if (!isset($_SESSION[‘username’])) {
(header(“Location: assess.php”));
exit(); // Quit the script.
}
?>

SASSMAIN [/php]

Plus just realised that I had put your suggested reporting code after the session start…the error messages now look like this

[php]Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/sites/f91/56e/test.mathsbox.org.uk/web/sass.php:1) in /www/sites/f91/56e/test.mathsbox.org.uk/web/sass.php on line 5

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/sites/f91/56e/test.mathsbox.org.uk/web/sass.php:1) in /www/sites/f91/56e/test.mathsbox.org.uk/web/sass.php on line 5

Warning: Cannot modify header information - headers already sent by (output started at /www/sites/f91/56e/test.mathsbox.org.uk/web/sass.php:1) in /www/sites/f91/56e/test.mathsbox.org.uk/web/sass.php on line 7[/php]

Any suggestions/help greatly appreciated

#6

You have some html output somewhere before that session_start runs

#7

Is this file included in another by any chance?

Sponsor our Newsletter | Privacy Policy | Terms of Service