From: [EMAIL PROTECTED]
Operating system: Linux 2.4.7
PHP version: 4.2.3
PHP Bug Type: Session related
Bug description: include() or require() cause conflicts with session, even with no
output
Calling includes or requires seems to create header output, even if the
includes or requires are blank. This conflicts with session handling in
situations where the session is called as a result of logic-branches in
the code.
I have encountered this issue on several different systems.
Here's the setup.
Create an include file, called "include.php".
Put the following in it:
<?php
?>
Now, create a page with the following code:
<?php
include("include.php");
session_start();
session_register("SESSION");
if (!isset($SESSION)) {
$SESSION["count"] = 0;
print("<p>Counter initialized, please reload this page to see it
increment</p>");
}
else {
print("<p>Waking up session $PHPSESSID</p>");
$SESSION["count"]++;
}
print("<p>The counter is now $SESSION[count] </p>");
?>
run the page with all the code in the browser such that it includes the
include file above.
Even though the include file does not write or generate a single header,
the output I get is:
"Warning: Cannot send session cookie - headers already sent by (output
started at include.php:1) in test.php on line 4
Warning: Cannot send session cache limiter - headers already sent (output
started at include.php:1) in test.php on line 4
Counter initialized, please reload this page to see it increment
The counter is now 0 "
My observation is corroborated by the following note, found on the
session_start() function manual page at php.net.
############
As per <shadowflame at starpilot dot net>:
"If you are using an include page, such as a config or possibly
common-functions page, that relies on session variables being pulled from
the sesssion, remember to add the session_start() function _before_ you
call the includes, or your session will not be called by the page..."
Any include or require called before you call session_start() will cause
the initial session setup to fail, even if that include file contains only
a comment!
Here are scenarios:
include("blank_file.php");
session_start();
This works. However:
include("file_with_just_a_comment_in_it.php");
session_start();
Does not.
The recommended way to use session_start() is of course to put it at the
top of the page. However, if, like me, you find yourself wanting to start
a session only as a result of some previous logic, this avenue is closed
to you. You will have to use ob_start() and related functions, and create
a code mess.
It will be a beautiful day when header conflicts are caused only by the
layout of my code rather than PHP code cruft.
##############
As mentioned, I've encountered this on several different systems, so
configure lines and php.ini doesn't seem to be too relevant. If you want
build lines or php.ini, I'll send them on via e-mail.
--
Edit bug report at http://bugs.php.net/?id=21210&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=21210&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=21210&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=21210&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=21210&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=21210&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=21210&r=support
Expected behavior: http://bugs.php.net/fix.php?id=21210&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=21210&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=21210&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=21210&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=21210&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=21210&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=21210&r=isapi
