Jump to content
Larry Ullman's Book Forums

Session_Regenerate_Id() Cause Error "Cannot Regenerate Session Id - Headers Already Sent"


Recommended Posts

  • 2 months later...

Larry,

 

I also get tired of dealing with the "headers already sent" stuff!

 

Is there any problem using ob_start() at the beginning of every page to just get around all this?  If there isn't, then why isn't it just built into php by default?

 

Thanks,

 

Matt

Link to comment
Share on other sites

Larry,

 

Thanks for your response!  What do you mean that output buffering is built into php by default?  Do you mean that in php 5.5 we don't have to use ob_start() to prevent headers already sent messages?

 

I agree with you about writing better code, and I'm not trying to make you angry, but we were erm... using your code.  I wrote a comment because I got the same error as 100yen.  However, in many cases I think that preventing the headers already sent error leads to "worse code" because most of the time you have to re-factor everything with a half-ass solution to get around it!  I'm sorry, but doing something as simple as regenerating a session ID isn't what I would consider writing bad code, and in any rational server-side language, something as ridiculous as this would not be a problem.  I love php, but it really has some "dirty" areas that need to be cleaned up!

Link to comment
Share on other sites

Larry, not to take sides (which means I am going to), but your comment about "writing better code" seemed a bit odd since both 100yen and Matt are using your code.

 

Specifically, in reset.php in the ex1 folder, you are clearly calling session_regenerate_id after you include the header.html file, which is what is causing this problem.

You are right about the fact that output buffering is enabled by default in newer versions of PHP (can anyone cite the PHP version since this has been the case?), but for older versions of PHP and in cases where (for whatever reason) the PHP engine decides to output the buffer before the end of the script, you will get this error in the code you have provided for everyone.

 

Certainly, I agree with you that "writing better code" is always the best solution, but by that token, wouldn't it be best to move the header include to below where you handle all the controller logic, including execution of the session_regenerate_id function, which sends an extra cookie header and thus causes the error?

Link to comment
Share on other sites

The full answer is that if you're seeing the "headers already sent" error only because an unexpected error occurred previous to the header line, resulting in output, then the headers already sent isn't actually a concern. Because you fix the earlier error and it's gone. So those I wouldn't worry about at all.

 

Personally, I'm hesitant over relying upon output buffering as a fail safe measure so that those errors are never seen, because the real goal is to fix the cause of the errors in the first place. 

 

Towards that end, if there's a problem in *my* code, then that needs to be fixed.

Link to comment
Share on other sites

Larry, if you could please look at reset.php under the ex1 folder, I think you'll see that you're using session_regenerate_id after you include the header file.

And since the session_regenerate_id function requires an additional header to update the cookie, the "headers already sent" error is occurring.

 

I'm pretty sure that that is what caused the issue for 100yen and Matt, but would love your input.

Thanks.

Link to comment
Share on other sites

I'll take a look at it, but what you describe makes sense. It's possible this didn't trip me up during testing because output buffering is on by default and neither I, nor the tech editor, caused it. But I'll take a look. 

Link to comment
Share on other sites

 Share

×
×
  • Create New...