StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhy am I getting this PHP session_start() error?
text
Body
copied!<p>I can not figure out why I am getting this session error... </p> <blockquote> <p>Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\webserver\htdocs\project2\labs\form-submits\index.php:2) in C:\webserver\htdocs\project2\labs\form-submits\index.php on line 2</p> </blockquote> <p>As far as I knew this happens only when there is some sort of output to the browser before the session_start() function is called, in this case there is nothing printed to screen before the call, not even any white space. Any ideas why I would still get the errors? </p> <p>I posted the full source code of this demo so you can see exactly what I used to create the error.</p> <pre><code><?php session_start(); require('formkey.class.php'); $formKey = new formKey(); $error = 'No error'; //Is request? if($_SERVER['REQUEST_METHOD'] == 'post') { //Validate the form key if(!isset($_POST['form_key']) || !$formKey->validate()) { //Form key is invalid, show an error $error = 'Form key error!'; } else { //Do the rest of your validation here $error = 'No form key error!'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=UTF-8" /> <title>Securing forms with form keys</title> </head> <body> <div><?php if($error) { echo($error); } ?> <form action="" method="post"> <dl> <?php $formKey->outputKey(); ?> <dt><label for="username">Username:</label></dt> <dd><input type="text" name="username" id="username" /></dd> <dt><label for="username">Password:</label></dt> <dd><input type="password" name="password" id="password" /></dd> <dt></dt> <dd><input type="submit" value="Submit" /></dd> <dl> </form> </body> </html> </code></pre> <p>the class file</p> <pre><code><?php class formKey { //Here we store the generated form key private $formKey; //Here we store the old form key private $old_formKey; //The constructor stores the form key (if one excists) in our class variable function __construct() { //We need the previous key so we store it if(isset($_SESSION['form_key'])) { $this->old_formKey = $_SESSION['form_key']; } } //Function to generate the form key private function generateKey() { $ip = $_SERVER['REMOTE_ADDR']; $uniqid = uniqid(mt_rand(), true); return md5($ip . $uniqid); } //Function to output the form key public function outputKey() { //Generate the key and store it inside the class $this->formKey = $this->generateKey(); //Store the form key in the session $_SESSION['form_key'] = $this->formKey; //Output the form key echo "<input type='hidden' name='form_key' id='form_key' value='".$this->formKey."' />"; } //Function that validated the form key POST data public function validate() { //We use the old formKey and not the new generated version if($_POST['form_key'] == $this->old_formKey) { //The key is valid, return true. return true; } else { //The key is invalid, return false. return false; } } } ?> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload