Where Exactly Do I Put a Session_Start

When and where should I use session_start?

As others have said, the absolute requirements of what you must do are:

• You must run session_start before you read or write to $_SESSION (otherwise it will just be an ordinary array and not saved anywhere).
• You must not run session_start twice during a single script execution (page load) unless you use session_write_close to close it in between.

There is an extra rule that technically has exceptions, but is best treated as absolute:

• Do not start the session after you have written any output (echo, HTML outside PHP blocks, etc), because PHP may not be able to send cookies to the browser if the server has already started sending the content.

There are two reasons you might want to avoid starting the session:

• PHP locks the session when you open it to avoid two processes writing conflicting data into it, so if you have several requests happening at once, you want to avoid them waiting for each other unless they really need to. For instance, if you're responding to an AJAX request, and don't need any data from the session, don't open it.
• As mentioned by symcbean, there is some cost to creating a new session, so if your site is busy with either legitimate or malicious traffic, you might want to serve some landing pages or error messages without starting it at all.

After that, it becomes a matter of style and architecture, but the rule of thumb that covers most of the above is "as soon as possible, if you're sure the page needs it".

PHP session_start() function: Why I need it everytime I use anything related to PHP sessions

session_destroy() destroys the active session. If you do not initialized the session, there will be nothing to be destroyed.

When to use session_start()?

Use it once per page, at the very top, before you plan to use any $_SESSION variables

What is PHP session_start()

The PHP session system lets you store securely data in the $_SESSION global array. A typical example is to store the user's identifier in the session when they type in their password:

if ($user = try_login($login, $password)) 
  $_SESSION['user'] = $user;

Then, you can access that information on all other pages:

if (isset($_SESSION['user']))
  // logged in !
  echo user_name($_SESSION['user']);

The data is stored on the server, so there is no risk of tampering (on the other hand, mind your disk usage).

Starting the session lets the current request use $_SESSION. If this is the user's first visit, the array will be empty and a new session cookie will be sent for you.

Closing the session merely prevents the current request from using $_SESSION, but the data stays around for the next requests.

Destroying the session throws away all the data, forever. The sessions are destroyed a certain duration after the last visit (usually around 30 minutes).

PHP session_start function and CLI

Your problem is, apart from that it makes no sense to use sessions in CLI, that output has already started prior to session_start();.

As I see in your code, you code begins directly with session_start();, I believe you have some characters before <?php. Make sure <?php is on the very first line of your file (so also no empty lines above it), and that there is nothing (such as a white space) in front of it.

This should fix this problem you are having.

---

Related Topics