I created a login page with codeigniter,but i get the php message.

Message: ini_set(): A session is active. You cannot change the session module's ini settings at this time

how to fix this?

view (login.php)

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Login</title>
<link rel="stylesheet" href="../css/normalize.css">
<link rel="stylesheet" href="../css/admin-style.css">
</head>
<body>
    <?php echo form_open('Verify_login', ['id'=>'loginForm', 'name'=>'loginForm', 'method'=>'post']) ?>
    <div class="login">
        <div class="log-box">
            <h3>Login</h3>
            <div >
                  <input id="username" name="username" placeholder="User Name" value="" type="text" >
                <?php echo form_error('username'); ?>
                <input id="Password" name="password" placeholder="Password" required type="password">
                <?php echo form_error('password'); ?>
                <div class="remember-me">
                    <input id="checkBox" type="checkbox">
                    <label for="checkBox">Remember Me</label>
                </div>
                <button class="login-button" name="loginButton">Login</button>
            </div>
        </div>
    </div>
 </form>
</body>
</html>

controller (Verify_login.php)

<?php 
defined('BASEPATH') OR exit('No direct script access aloowed');

class Verify_login extends CI_Controller
{

public function __construct()
{
    parent::__construct();
    $this->load->model('User');
    $this->load->helper('url');
    $this->load->helper('security');
    $this->load->library('form_validation');
    $this->load->library('session');
}

public function index()
{
    $this->form_validation->set_rules('username', 'Username', 'trim|required');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_check_database');
    if ($this->form_validation->run() == FALSE) {
        // if validation failed load the view 
        $this->load->view('admin/login');
    }

    else{
        $this->check_database($username , $password);
        redirect('dashboard', 'refresh');
    }
}

public function check_database($password)
{
    $username = $this->input->post('username');

    //query tha database
    $result = $this->User->login($username, $password);

    if ($result) {
        $sess_array = [];
        foreach ($result as $row) {
            $sess_array = 
                [
                    'id'=>$row->id,
                    'username'=>$row->name
                ];
            $this->session->set_userdata('logged_in', $sess_array);
        }
        return TRUE;
    }
    else{

        $this->form_validation->set_message('check_database','invalid username and password');
    }
  }
 }
?>

controller(Admin.php)

session_start(); //need to call PHP's session object to access it though it
class Admin extends CI_Controller
{

public $data;
public function __construct()
{
    parent::__construct();
    $this->load->helper('url');

    $this->load->helper('form');
    $this->load->helper('url');
    $this->load->library('form_validation');
    $this->load->helper('security');

    //load user model
    $this->load->model('User');

}
public function index()
{
    // $this->load->view('admin/index');
    if ($this->session->userdata('logged_in')) {

        $session_data = $this->session->userdata('logged_in');
        $data['username'] = $session_data['name'];
        $this->load->view('admin/dashboard', $data);
    }
    else{

        //if no session redirect to login page 
        redirect('admin', 'refresh');
        // redirect('login');
    }
}

public function logout()
{
    $this->session->unset_userdata('logged_in');
    session_destroy();
    redirect('home', 'refresh');
}

model (User.php)

<?php 

/** *user login claass which extends MY_Model * */

defined('BASEPATH') OR exit('no direct script allowed');

class User extends CI_Model
{
    protected $table = 'users';

    public function __construct()
    {
        $this->load->database();
    }

    public function login($username ,$password)
    {
        var_dump($username);
        var_dump($password);
        $this->db->select(['id', 'name', 'password']);
        $this->db->from($this->table);
        // $this->db->where('name', $username);
        // $this->db->where('password', $password);
        $this->db->limit(1);

        $query = $this->db->get();
        if ($query->num_rows() == 1) {
            return $query->result();
        }
        else{

            return false;
        }
    }
   }    
   ?>

You don't need this line in admin.php

session_start(); //need to call PHP's session object to access it though it

When you load the session library, its constructor does this for you.

The message means that you have started a session with session_start() in which further down in the code you are using ini_set() to manipulate the session module. If you are manipulating the session module, it should be done before a session is started and active.

This is really working for me

if (!isset($_SESSION)) {

// server should keep session data for AT LEAST 24 hour
ini_set('session.gc_maxlifetime', 60 * 60 * 24);

// each client should remember their session id for EXACTLY 24 hour
session_set_cookie_params(60 * 60 * 24);
session_start();
}

so you do start your session after calling ini_set and session_set_cookie_params etc

Message: ini_set(): A session is active. You cannot change the session module's ini settings at this time

I had same error message sometime ago , By default Code-igniter will write to file (C:\xampp\tmp) in my case. But I want it to write to database instead.

In your autoloader you might have had something like this:

//:::::$autoload['libraries'] = array();
//'session', this mean start session ini_set()
$autoload['libraries'] = array('session', 'database');

By default setting in the config/config.php session configurartion look like this:

$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = NULL;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

The documentation stated that to use database instead of file you should first create a table in application database.

CREATE TABLE IF NOT EXISTS `ci_sessions` (
        `id` varchar(128) NOT NULL,
        `ip_address` varchar(45) NOT NULL,
        `timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
        `data` blob NOT NULL,
        KEY `ci_sessions_timestamp` (`timestamp`)
);

Go back to the config/config.php and change $config['sess_driver'] = 'files'; to $config['sess_driver'] = 'database';

Like so I thought everything should be fine but I got the error Message: ini_set(): A session is active. You cannot change the session module's ini settings at this time

My Solution was to first run the session_destroy();

Then change session name and table name

My config look like this :

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'newname_session';
$config['sess_expiration'] = 72000;
$config['sess_save_path'] ='newname_sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

Save everything and after refresh the page all cleared, no error message showing

This works for me:

if (!isset($_SESSION)) {
   // server should keep session data for AT LEAST 24 hour
   ini_set('session.gc_maxlifetime', 60 * 60 * 24);

   session_start();

   // each client should remember their session id for EXACTLY 24 hour
   session_set_cookie_params(60 * 60 * 24);
}

Its worth noting that in CI4 you can get this error message if you are changing databases within your models. If your session cannot update, it will call baseHandler fail() which errors an output.

The solution is to set your App.php in Config to public $sessionSavePath = 'db.table'; which should fix it.

I've experienced a lot of this kind of error in Code Igniter 3 in Session.php library. My solution was to put a check whether the session is already started, using the following code:

if(session_status()==PHP_SESSION_NONE){
    ini_set('...', ...);
    session_start();
    // or any other session commands that potential to cause error
}

Note: You can see which line of code to add the above check by seeing the error message. Here is the reference of the php session status value:

PHP_SESSION_DISABLED = 0
PHP_SESSION_NONE = 1
PHP_SESSION_ACTIVE = 2

You can handle this issue by only running the command when it's needed like this:

if (!isset($_SESSION)
    && !headers_sent()
) {
    session_start();
}

1. Go to file \system\libraries\Session\Session.
2. Uncomment session_start() at line 143 and you are done.