Hello,
I have written some php functions to make my life a bit easier constructing html pages.
I have unit-tested these php functions locally using XAMPP, Apache, php on localhost. All good.
I uploaded these functions into the appropriate domain area which are hosted by a service provider using WHM and cPanel. All good.
I added some login functionality using php for session control.
Again, unit-tested the functionality on localhost (XAMPP,Apache,php). All good.
Uploaded the php functions into the domain and session control problems occured.
The problem in detail:
It seems that the controlling web infrastucture does not pass on the full session information to the application php.
I found that on each HTTP request a new session_id has been issued to my php environment by someone-up-higher. By whom, I don't know.
Therefore, the login information I added at the previous request into $_SESSION has been lost.
I contacted tech-support, they were responsive and very helpful, but, problem not resolved.
Every time I call a page, I get the following two warnings, followed by the login UI:
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by
(output started at /home/example/public_html/dev/phpTest/index.php:1) in
/home/example/public_html/dev/phpTest/util/login.php on line 5
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent
(output started at /home/example/public_html/dev/phpTest/index.php:1) in
/home/example/public_html/dev/phpTest/util/login.php on line 5
Here are the first few lines of login.php:
<?php
function login_create($pageName) {
session_start(); // this is line 5 of login.php
if (array_key_exists('app_login', $_SESSION )) {
if ($_SESSION['app_login'] === true) {
return;
}
}
if (authent_bypass() === true ) {
$_SESSION['app_login'] = true;
return;
}
...
some more code displaying login UI.
...
I have no experiences in virtual infrastructure and here are my questions:
Is there a setting in Apache, or any other component higher-up which prevents HTTP headers to be passed-on in full to the application?
Which component might be responsible for suppressing returning HTTP headers and instead issuing new session_ids everytime a new request comes in?
Any hint or help would be appreciated.