Session_Regenerate_Id() Cause Error "Cannot Regenerate Session Id - Headers Already Sent"

[100yen 2]

In page 99, session_regenerate_id() cause en error "Cannot regenerate session id - headers already sent". If i comment this function out, everything goes fine. Where I should check for problem? 

 

thanks 

 

[100yen 2]

problem solved by adding ob_start() in config.inc.php, next to session_start()

[Larry 428]

Ah...that would do it! Kudos for figuring it out and thanks for letting us know.

[Matt 27]

Larry,

 

I also get tired of dealing with the "headers already sent" stuff!

 

Is there any problem using ob_start() at the beginning of every page to just get around all this?  If there isn't, then why isn't it just built into php by default?

 

Thanks,

 

Matt

[Larry 428]

Output buffering is built into PHP by default, and enabled by default anymore. The real solution is to write better code, however.

[Matt 27]

Larry,

 

Thanks for your response!  What do you mean that output buffering is built into php by default?  Do you mean that in php 5.5 we don't have to use ob_start() to prevent headers already sent messages?

 

I agree with you about writing better code, and I'm not trying to make you angry, but we were erm... using your code.  I wrote a comment because I got the same error as 100yen.  However, in many cases I think that preventing the headers already sent error leads to "worse code" because most of the time you have to re-factor everything with a half-ass solution to get around it!  I'm sorry, but doing something as simple as regenerating a session ID isn't what I would consider writing bad code, and in any rational server-side language, something as ridiculous as this would not be a problem.  I love php, but it really has some "dirty" areas that need to be cleaned up!

[HartleySan 826]

Larry, not to take sides (which means I am going to), but your comment about "writing better code" seemed a bit odd since both 100yen and Matt are using your code.

 

Specifically, in reset.php in the ex1 folder, you are clearly calling session_regenerate_id after you include the header.html file, which is what is causing this problem.

You are right about the fact that output buffering is enabled by default in newer versions of PHP (can anyone cite the PHP version since this has been the case?), but for older versions of PHP and in cases where (for whatever reason) the PHP engine decides to output the buffer before the end of the script, you will get this error in the code you have provided for everyone.

 

Certainly, I agree with you that "writing better code" is always the best solution, but by that token, wouldn't it be best to move the header include to below where you handle all the controller logic, including execution of the session_regenerate_id function, which sends an extra cookie header and thus causes the error?

[Larry 428]

The full answer is that if you're seeing the "headers already sent" error only because an unexpected error occurred previous to the header line, resulting in output, then the headers already sent isn't actually a concern. Because you fix the earlier error and it's gone. So those I wouldn't worry about at all.

 

Personally, I'm hesitant over relying upon output buffering as a fail safe measure so that those errors are never seen, because the real goal is to fix the cause of the errors in the first place. 

 

Towards that end, if there's a problem in *my* code, then that needs to be fixed.

[HartleySan 826]

Larry, if you could please look at reset.php under the ex1 folder, I think you'll see that you're using session_regenerate_id after you include the header file.

And since the session_regenerate_id function requires an additional header to update the cookie, the "headers already sent" error is occurring.

 

I'm pretty sure that that is what caused the issue for 100yen and Matt, but would love your input.

Thanks.

[Larry 428]

I'll take a look at it, but what you describe makes sense. It's possible this didn't trip me up during testing because output buffering is on by default and neither I, nor the tech editor, caused it. But I'll take a look.