failed to start the session already started by php
Symfony2 Failed to start the session: already started by PHP
i got a very strange issue looking like this:
the strange thing is i do not start a session or use it, heres the Controller code:
while this action works wonderfull
so the only difference is that i use
also checked if all my files AppKernel etc do start with
both actions ( the working one and the not working one ) are in the same controller
2 Answers 2
As soon as you render a form, Symfony automatically starts a session to store the token for CSRF Protection: http://symfony.com/doc/current/book/forms.html#csrf-protection
You can disable CSRF Protection, but it’s on by default.
@rakete:
The only additional idea I have is to change the way in which session files are stored (e.g. file system, database, memory, etc.). See here: http://symfony.com/doc/current/components/http_foundation/session_configuration.html
You should check if you have any listener who start a new session.
I have a onKernelController listener who started a new session with new Session() and then when the form try to make the csrf token it checks if a session exists and throw the exception.
Not the answer you’re looking for? Browse other questions tagged php symfony session or ask your own question.
Related
Hot Network Questions
Subscribe to RSS
To subscribe to this RSS feed, copy and paste this URL into your RSS reader.
site design / logo © 2021 Stack Exchange Inc; user contributions licensed under cc by-sa. rev 2021.9.16.40232
By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.
Failed to start the session: already started by PHP. #13577
Comments
vincent-dp commented Apr 26, 2019
When I am in my back office and I try to use the searchbar, I got this
(1/1) RuntimeExceptionFailed to start the session: already started by PHP.
in classes.php line 136
at NativeSessionStorage->start()in classes.php line 515
at Session->start()in SessionTokenStorage.php line 78
at SessionTokenStorage->hasToken(‘https-ANONYMOUS_USER’)in CsrfTokenManager.php line 72
at CsrfTokenManager->getToken(‘ANONYMOUS_USER’)in Router.php line 50
at Router->generate(‘admin_order_invoices’, array(), 0)in LegacyUrlConverter.php line 82
at LegacyUrlConverter->convertByParameters(array(‘controller’ => ‘AdminInvoices’))in Link.php line 799
at LinkCore->getAdminLink(‘AdminInvoices’)in AdminController.php line 2018
at AdminControllerCore->getTabs(‘3’, 2)in AdminController.php line 2019
at AdminControllerCore->getTabs(‘2’, 1)in AdminController.php line 2019
at AdminControllerCore->getTabs()in AdminController.php line 1887
at AdminControllerCore->initHeader()in Controller.php line 277
at ControllerCore->run()in Dispatcher.php line 509
at DispatcherCore->dispatch()in index.php line 99
The text was updated successfully, but these errors were encountered:
We are unable to convert the task to an issue at this time. Please try again.
The issue was successfully created but we are unable to update the comment at this time.
«Failed to start the session: already started by PHP» error using a CMS
I installed a CMS, named Prestashop: it runs under a specific domain, and with a specific VirtualHost configuration on Apache, on a server with other PHP applications.
When I try to login in, as administrator user, I receive the following error (this is the Apache error log):
[Wed Jan 18 00:09:16.059190 2017] [:error] [pid 31253] [client xx.xx.xx.xx:63129] PHP Fatal error: Uncaught exception ‘RuntimeException’ with message ‘Failed to start the session: already started by PHP.’ in /opt/wp/apps/prestashop/app/cache/prod/classes.php:108\nStack trace:\n#0 /opt/wp/apps/prestashop/app/cache/prod/classes.php(483): Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start()\n#1 /opt/wp/apps/prestashop/vendor/symfony/symfony/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php(90): Symfony\Component\HttpFoundation\Session\Session->start()\n#2 /opt/wp/apps/prestashop/vendor/symfony/symfony/src/Symfony/Component/Security/Csrf/CsrfTokenManager.php(54): Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage->hasToken(‘ANONYMOUS_USER’)\n#3 /opt/wp/apps/prestashop/app/cache/prod/classes.php(8196): Symfony\Component\Security\Csrf\CsrfTokenManager->getToken(‘ANONYMOUS_USER’)\n#4 /opt/wp/apps/prestashop/classes/Link.php(722): PrestaShopBundle\Service\Routing\Router->generate(‘admin_product_c. ‘)\n#5 /opt/wordpre in /opt/wp/apps/prestashop/app/bootstrap.php.cache on line 3216, referer: http://www.xxxxx.xx/adminXXX/index.php?controller=AdminLogin&token=181fa270d47386a8d523bdea6213932c&redirect=AdminDashboard’
PHP session auto_start parameter is set to 0 in php.ini.
I don’t understand how can I solve this problem. It can be depends on an Apache or PHP configuration?
Failed to start the session #9813
Comments
v3labs commented Dec 18, 2013
Symfony 2.4.0
PHP 5.5.7
OS.X 10.9
I ran into the following issue. I got an exception saying «Failed to start the session: already started by PHP.» (native session).
PHP’s auto_start was disabled, so it was the first thing to rule out.
After some poking around I found the problem. Facebook’s SDK was starting the session before Symfony.
Shouldn’t this method also check if the session has been started before. However, this way «loadSession» may not be called.
Another possible fix would be to remove the:
from the «start» method
I don’t know the internals very well. So don’t kill me if I’m dead wrong 🙂
The text was updated successfully, but these errors were encountered:
We are unable to convert the task to an issue at this time. Please try again.
The issue was successfully created but we are unable to update the comment at this time.
cordoval commented Dec 20, 2013
you would need to use that approach to bridge session control and then migrate things to symfony or remain as you are with care of these edge cases. Symfony was designed to battle for session control.
@v3labs please feel free to screen things first via irc or mailing list before hitting the bug/issue list of the repo
v3labs commented Dec 20, 2013
This did not come up in my searches 🙂
Looks like it’s taken care of. I’m closing this. Sorry for the inconvenience and thanks for the response!
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Check if PHP session has already started
I have a PHP file that is sometimes called from a page that has started a session and sometimes from a page that doesn’t have session started. Therefore when I have session_start() on this script I sometimes get the error message for «session already started». For that I’ve put these lines:
but this time I got this warning message:
Notice: Undefined variable: _SESSION
Is there a better way to check if session has already started?
If I use @session_start will it make things work properly and just shut up the warnings?
26 Answers 26
For versions of PHP
For versions of PHP prior to PHP 5.4.0:
Though, IMHO, you should really think about refactoring your session management code if you don’t know whether or not a session is started.
That said, my opinion is subjective, and there are situations (examples of which are described in the comments below) where it may not be possible to know if the session is started.
Consider the following snippet:
So, to check whether a session is started, the recommended way in PHP 5.4 is now:
you can do this, and it’s really easy.
Prior to PHP 5.4 there is no reliable way of knowing other than setting a global flag.
So, prior to PHP 5.4 you should set a global boolean.
For all php version
This should work for all PHP versions. It determines the PHP version, then checks to see if the session is started based on the PHP version. Then if the session is not started it starts it.
The only thing you need to do is:
Not sure about efficiency of such solution, but this is from working project This is also used if you need to define the default language
@ before a function call suppresses any errors that may be reported during the function call.
Adding a @ before session_start tells PHP to avoid printing error messages.
Using session_start() after you’ve already printed something to the browser results in an error so PHP will display something like «headers cannot be sent: started at (line 12)», @session_start() will still fail in this case, but the error message is not printed on screen.
Before including the files or redirecting to new page use the exit() function, otherwise it will give an error.