[FAQ] My sessions are failing... what's wrong??

[mdshare]

Symptom:

Warning: session_start(): open(/tmp\sess_9d0fb76e93c38f1824377131f3c2e154, O_RDWR) failed: No such file or directory (2) in {{{ file path }}} on line X

Remedy:

You do not have a sessiondata directory configured to store session data. This is because the default values of the session.save_path directory is configured for Linux operating systems. Windows PHP installs must specify the value of the session.save_path directive explicitly.

Open php.ini located at C:\Windows, or wherever Windows is installed.

Change the value of the session.save_path directive to reflect a valid file path, I recommend C:\PHP\sessiondata, or whereever PHP is installed.

Create the sessiondata directory, if it doesn't exist.

Make sure that the proper write permissions are applied to the directory.

Restart your HTTP server if necessary.

Symptom:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started) in {{{file path}}} on line X

Remedy:

When session_start() is called it makes changes to the outgoing HTTP headers. As it does such, no output can come from the PHP script before it is called, e.g. any markup, whitespace or other kind of output appearing either before or after the opening <?php delimiter. Remove the output before session_start() and this error goes away. If this error is second, third, etc in a list of session_start() errors, its likely the error was triggered as a result of the errors before it.

Symptom:

Session variable doesn't persist between page requests.

Remedy:

Make sure that you are passing the session id between page requests. Since a session is intended to tie one user to data that persists on the server, PHP must have some way of associating the user with the session data. This is done with the session id. The session id is passed using cookies by default. When session_start() is called, it outputs a cookie to the client. The client's browser saves that cookie, then ever time the user requests a page the process starts all over again.. the browser sends the cookie that it stored from the first request back to the server. Then session_start() is called, session_start() looks to see if a session id has been passed to it, e.g. it looks for that cookie. If the cookie is found it says hey, I remember you, and it populates the $_SESSION superglobal with the session data from the previous request. If you are using cookies to pass the session id, you must therefore have first party or session cookies enabled in your browser.

A second method of passing the session id, not relying on cookies, is by embedding the session id directly in every URL or form used in the page, for example.

 

<?php
   session_start();


   $_SESSION['foo'] = 'Hello, world!';

   echo "[url='other_page.php?sid=".session_id()."']Next page...[/url]";
?>

 

Here, I've called on session_id() to output the current session id directly in the URL, which frees the user from needing cookies to be enabled in their browser. (some modern browsers disable cookies by default, BTW)

Then page 2 can be called to output the value of $_SESSION['foo']

 

<?php
   //other_page.php 
   session_start();

   echo $_SESSION['foo'];
?>

 

You see that when this test script is run through PHP's sausage maker, that $_SESSION['foo'] still exists!

For further reference:

http://www.php.net/session