The pitfalls of SESSION



                                                                                           Warning: Cannot send session cookie - headers already sent

Warning : Cannot send session cache limiter - headers already sent

Analysis and solution：

The reason is that you use session_start() in the program

, there has been actual practice before The html content is output. Maybe you say, I don’t have one, I just

echo or print a message. Sorry, the output generated by your echo

or print statement is the actual html content output. The way to solve this kind of problem is to move your session_start() to the first line of the program. 2. Error message Warning: open(F:/689phpsessiondatasess_66a39 376b873f4daecf239891edc98b5, O_RDWR) failed

Analysis and solution

:

This error statement is usually because the

session.save_path

item in your php.ini is not set properly. The solution is to change

session.save_path and session.cookie_path settings are set to

session_save_path = c:temp session.cookie_path = c:temp Then in c: Create a temp

directory under the

directory, you can

3.

Error message Warning: Trying to destroy uninitialized session in

Analysis and solutions

:

Such a prompt is usually caused by you directly adjusting the session_destroy()

function. Many friends think that the session_destroy() function can run independently, but this is not the case. The solution is to use

session_start() to turn on the session function

before you adjust the

session_destroy() function. 4.Question:How to get the id value of the current session?

The easiest way is : echo SID; session_id('0-2-c-d-e ');session_start();

$_SESSION['is_admin'] =

'yes';

echo SID;

?> :My program is calling the header

function There was no output before. Although I

include a config.php file, there was no output in the config.php file. Why session

still reported I got the same error as the problem

1. Is it because I used session_start() before

header

?

Answer:Maybe you have really carefully checked your php program. There is indeed no output before quoting header(), and there is no output in your include file There is no output at all! But do you use the cursor keys to move the check after the end statement of ?>thisPHPcode? Then you will find that after ?>, there is a blank line or several spaces. If you delete these blank lines or spaces, then the problem will be solved.

Note: This problem will occur in PHP4.1.2 and higher versions, and has not been tested.

6 ?的 Answer: The easiest way is Session_start (); IF (! Session_registerEd ('Login') │ │ $ login! = TRUE) {

echo "

You are not logged in

";

exit;

}

7.

ask

:me I used

session_register()

to register the session

variable, but when I use

header

or use the redirect statement of

javascript, then in the following page, I cannot access sessionThe variable value registered. How to solve it? [Not tested successfully] Program fragment of the problem: session_start();

$ok = 'love you';

session_register('ok');

header("location : next.php"); ?>

next.php

session_start();

echo $ok;

?>

Solution:

When you use the header

function or a function like

window.location, the

session

registered on your previous page Variables , it will be easily lost. There is still no detailed answer to the reason for this problem.

But there is a solution. As shown below

header("Location: next.php" ."?" . SID);

When jumping to the next page, change the current of the session id is used as a parameter and passed to the next page.

8.sessionHow to pass array

session_register('data');

$data=array(1,2,3,4 ; RS['**'] How to access session is it worth it?

Answer: Yes, you can use the following

global array to access session to enhance the security of the webpage

$HTTP_SESSION_VARS

$ _SESSION

Routine

:

session_start(); $username = 'stangly.wrong';

session_register('username'); echo $HTTP_SESSION_VARS['username'];

echo '
';

echo $_SESSION[' username'];

?>

Please refer to this routine to modify the program to suit your own needs.

Question 10: What is the difference between session_unregister() and session_destroy() ?

session_unregister()The main function is to unregister the current session variable. However, it should be noted that if you use $HTTP_SESSION_VARS or $_SESSION to reference the session variable in the current page, then you may need to cooperate with unset() Eliminate the session variable.

And session_destroy() is to clear the current session environment. This means that after you use the session_destroy() function, it is no longer possible to use session_is_registered() to detect the variables of session. But it should be noted that it cannot clear session in global or use session cookies in session., so it is best before using session_destroy Do not use $HTTP_SESSION_VARS $_SESSION to access session. ( translated from php.net)

Routine:

if(isset($_COOKIE [session_name()])) {

session_start();

session_destroy();

unset($_COOKIE[session_name() ]);

)

session_start();

$_SESSION['is_admin'] = 'yes'

;

$is_admin =

'no' ;

echo $_SESSION['is_admin'];

?>

Vulnerability description:

When php.ini is in, When register_globals = On, the defined variable will change the same name as session. If you use

session to log in, it will cause the problem of casual login.

The above has introduced the pitfalls of SESSION, including aspects of it. I hope it will be helpful to friends who are interested in PHP tutorials.