Login/Register
"session has already been started...." exception in Zend Framework application
Asked Answered
Solved phpzend-frameworksession.htaccesszend-auth
J

13

13

I get this error when trying to load a Zend Framework application:

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'session has already been started by session.auto-start or session_start()' in /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session.php:462

Stack trace:

#0 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session/Namespace.php(143): Zend_Session::start(true)

#1 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth/Storage/Session.php(87): Zend_Session_Namespace->__construct('Zend_Auth')

#2 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth.php(91): Zend_Auth_Storage_Session->__construct()

#3 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth.php(141): Zend_Auth->getStorage()

#4 /www/htdocs/w00a1ed7/autospin/redaktion/application/layouts/scripts/layout.phtml(31): Zend_Auth->hasIdentity()

#5 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/View.php(108): include('/www/htdocs/w00...')

#6 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/View/Abstract.php(831): Zend_View->_run('/www/htdocs/w00...')

#7 /www/htdocs/w00a1ed in /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session.php on line 462

I Use Zend_Auth and on my local server and it works well, but on a production server I get the preceding error, but not every time.

I have checked that session.autostart is set to 0 in the .htaccess file.

How do I fix this error?

Thank you for your Answer, but I do not user session_start() anywhere. Work only with ZF.

I Have this Problem only on shared server, on my local server script works perfectly.

I Use INIT Function with this code:

protected $user;

public function init()
{   
    if(!Zend_Auth::getInstance()->hasIdentity())
    {
        $this->_redirect('auth/login');
    }else
    {
        $this->user = Zend_Auth::getInstance()->getIdentity();
    }
}

I allready try to set tis code only in indexAction, so that other actions do not have to chack the Auth... but still have problems.

Ist there a way to set in an Action to do not check about session or somethink like this?

Beste regards

Joust answered 10/3, 2010 at 15:31 Comment(3)
I get this error too sometimes... solution would be nice :)Miquelmiquela
I can think of two things that makes live- & dev-servers show different results: 1) not identical files; or 2) not identical configsSarthe
or different Server Settings....Joust
S
19

It's what it says it is. Zend_Auth tries to start a new session, since Zend_Session::start() has not yet been called.

The problem is that Zend_Session::start() has to be called before a session is started. But, since session.autostart is 0 (btw this is in php.ini not .htaccess), you have probably written session_start(); somewhere. You're not allowed to do that, since ZF wishes to have full control over sessions, i.e. you shouldn't access the global session variable directly.

To solve it, search your code files for session_start() and either

  1. remove all occurences but one. To notice if it's already been started, set error_reporting(E_ALL|E_STRICT);
  2. replace it with Zend_Session::start(); at all places

If you can't find all occurrences, find the one session_start(); that bothers your Zend_Auth::getInstance()->hasIdentity() and solve the problem quick n' dirty with the following snippet 

try {
    Zend_Session::start();
} catch(Zend_Session_Exception $e) {
    session_start();
}

If you're using ZF in your whole application, I would go with 2)

Sarthe answered 10/3, 2010 at 19:22 Comment(8)
I tryed this one try { Zend_Session::start(); if(!Zend_Auth::getInstance()->hasIdentity()) { $this->_redirect('auth/login'); }else { $this->user = Zend_Auth::getInstance()->getIdentity(); } } catch(Zend_Session_Exception $e) { session_start(); } and it works besset, but i still have problems, sometimes ith the requestes page empty...Joust
Nice! Feel free to mark the answer as correct if it helped you :) And remember, trust the stack trace, it's often your best friend ;)Sarthe
it is a durty way to catch this arror, but it works and i am happy :)Joust
FACEBOOK SDK HAS session_start()!Pome
@max4ever: there's no reason for facebook to bundle Zend_Session if that's what you mean. Try if(!session_id()) session_start(); in your code instead.Sarthe
i just wanted to point out to other that facebook sdk might be the cause of the problem, facebook sdk already has if()... that but i was still getting errors until i changed it to Zend_Session::start()Pome
@max4ever: I really think ZF is poorly designed in this matter and you are probably right. ZF should be more loosely coupled in this case. (You probably will have to redo your change every time you update your FB SDK.)Sarthe
Please be aware that if you write this inside init() in application/Bootstrap.php, it does remove the error message, but this could cause the session incorrectly stored, it should be stored in $_SESSION['__ZF'], but any session saved from Zend_Session_Namespace won't be saved in there. Let's say you save and 'Auth' session, zend will think that you did not save the session since it's not stored in $_SESSION['__ZF'] which will cause you a headache why in the world you can't sign in.Anyplace
D
21

Before this drives you mad, there's probably nothing wrong with your code!

Check your application.ini for the session save path, for me it is APPLICATION_PATH '/session'

Now check you have the correct permissions! If not then cd into the application folder and type

sudo chmod 777 session
sudo chown -R [usernamehere] session
sudo chgrp -R [usernamehere] session

Job Done!

Dumfound answered 10/2, 2012 at 9:28 Comment(5)
I have noticed that sometimes when PHP can't write to a file/directory, the error it throws can be a little misleading. I've run into the issue you describe before.Waiter
"Um, it says there's a thunderstorm in Texas. What should we do???" "Don't panic, son. It actually just means my tire pressure is low."Brittaniebrittany
The error is misleading. This put me on the right road, Thanks! make sure the session folder exists.Sellars
why in the world would you make it read/write/execute for everyone?Rigi
it happend on centos7 after php upgrade, it changed owner of default session path /var/lib/php/session so it wasn't writable anymoreIlla
S
19

It's what it says it is. Zend_Auth tries to start a new session, since Zend_Session::start() has not yet been called.

The problem is that Zend_Session::start() has to be called before a session is started. But, since session.autostart is 0 (btw this is in php.ini not .htaccess), you have probably written session_start(); somewhere. You're not allowed to do that, since ZF wishes to have full control over sessions, i.e. you shouldn't access the global session variable directly.

To solve it, search your code files for session_start() and either

  1. remove all occurences but one. To notice if it's already been started, set error_reporting(E_ALL|E_STRICT);
  2. replace it with Zend_Session::start(); at all places

If you can't find all occurrences, find the one session_start(); that bothers your Zend_Auth::getInstance()->hasIdentity() and solve the problem quick n' dirty with the following snippet 

try {
    Zend_Session::start();
} catch(Zend_Session_Exception $e) {
    session_start();
}

If you're using ZF in your whole application, I would go with 2)

Sarthe answered 10/3, 2010 at 19:22 Comment(8)
I tryed this one try { Zend_Session::start(); if(!Zend_Auth::getInstance()->hasIdentity()) { $this->_redirect('auth/login'); }else { $this->user = Zend_Auth::getInstance()->getIdentity(); } } catch(Zend_Session_Exception $e) { session_start(); } and it works besset, but i still have problems, sometimes ith the requestes page empty...Joust
Nice! Feel free to mark the answer as correct if it helped you :) And remember, trust the stack trace, it's often your best friend ;)Sarthe
it is a durty way to catch this arror, but it works and i am happy :)Joust
FACEBOOK SDK HAS session_start()!Pome
@max4ever: there's no reason for facebook to bundle Zend_Session if that's what you mean. Try if(!session_id()) session_start(); in your code instead.Sarthe
i just wanted to point out to other that facebook sdk might be the cause of the problem, facebook sdk already has if()... that but i was still getting errors until i changed it to Zend_Session::start()Pome
@max4ever: I really think ZF is poorly designed in this matter and you are probably right. ZF should be more loosely coupled in this case. (You probably will have to redo your change every time you update your FB SDK.)Sarthe
Please be aware that if you write this inside init() in application/Bootstrap.php, it does remove the error message, but this could cause the session incorrectly stored, it should be stored in $_SESSION['__ZF'], but any session saved from Zend_Session_Namespace won't be saved in there. Let's say you save and 'Auth' session, zend will think that you did not save the session since it's not stored in $_SESSION['__ZF'] which will cause you a headache why in the world you can't sign in.Anyplace
I
12

I had the same error. On local machine, everything worked fine. On server not. My solution was to put Zend_Session::start(); in the index.php before running bootstrap. So that it looks like this:

<?php
// Define path to application directory
defined('APPLICATION_PATH')
    || define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../application'));

// Define application environment
defined('APPLICATION_ENV')
    || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));

// Ensure library/ is on include_path
set_include_path(implode(PATH_SEPARATOR, array(
    realpath(APPLICATION_PATH . '/../library'),
    get_include_path(),
)));

/** Zend_Application */
require_once 'Zend/Application.php';  

// Create application, bootstrap, and run
$application = new Zend_Application(
    APPLICATION_ENV, 
    APPLICATION_PATH . '/configs/application.ini'
);

error_reporting(E_ALL);
ini_set("display_errors", 1);

Zend_Session::start();

$application->bootstrap()->run();
Inhaler answered 18/11, 2010 at 9:18 Comment(0)
C
4

There are 3 major reasons that produce this issue:

  1. session.auto_start should be set to 0 or off. You can check it by placing phpinfo(); in any file and try to access it in browser, then search auto_start is it 0 or off. If not then set it off or 0.
  2. Check session path session.save_path in configuration at server. If with default configuration it's displaying error 'session has already been started by session.auto-start or session_start()', set it to '/temp'
  3. May be you have used session_start() in your code before zend session initialization.

In most cases the 2nd option is the reason.

Collude answered 28/6, 2012 at 14:31 Comment(0)
L
3

If you are developing applications with the RPCL library (RADPHP) and you are getting this error:

Application raised an exception class Zend_Session_Exception with message 'session has already been started by session.auto-start or session_start()',

then here is my solution.

You will be surprised how simple it is. Simple include the line

require_once("zcommon.inc.php");

just after the opening PHP tag in the file containing ZAuth component – usually this is the file with a DataModule form. Of course make sure the file zcommon.inc.php is in your path. This will ensure that the Zend session will start first instead of the RPCL session.

Also make sure the name of the php files in your application correspond to the name of the containing classes.

Lexine answered 27/5, 2011 at 13:37 Comment(0)
B
3

I'd like to draw your attention to the garbage collection problem, solved here Issues with PHP 5.3 and sessions folder or http://somethingemporium.com/2007/06/obscure-error-with-php5-on-debian-ubuntu-session-phpini-garbage.

After fixing the 'session has already been started' I encountered the GC bug. I suspect that the GC bug might be the root cause for the session bug at least in some instances. So far I have not had enough time to investigate thoroughly, but please comment if GC and session bug are related in your case as well.

Buhrstone answered 2/11, 2011 at 11:10 Comment(0)
B
3

There is an issue opened for this problem:

#25 "session has already been started by session.auto-start or session_start()" error message is misleading

Bufflehead answered 2/12, 2014 at 14:3 Comment(0)
A
2

had the same error. it occured only if two instances of the same session were used at the same time (e.g. two browser instances were loading at the same time). This is a result of php not being able to handle two open sessions with the same id at the same time.

Astrobiology answered 26/10, 2010 at 6:50 Comment(0)
T
2

For those moving from one server to another. Another issue can be user that apache runs under. I was running a different user on my old box that was set on the new one. I used configs from my old httpd.conf, and forgot to update the permissions on /var/lib/php/session to reflect the different user.

To test, I changed the perms to 777. Everything worked fine, error was gone:

# cd /var/lib/php
# chmod 0777 session

So I returned the perms and changed the group. Of course change newApacheUser to the user account you are running httpd on IF NOT apache.

# chmod 0770 session
# chown root:newApacheUser session

Something to check out if your still having this issue:

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'session has already been started by session.auto-start or session_start()'

Thorton answered 19/11, 2010 at 21:43 Comment(0)
O
2

In case this of any use, I cleared this error by taking out session related lines from my application/config/application.ini

;resources.session.save_path = APPLICATION_PATH "/../data/session"
;resources.session.use_only_cookies = true
;resources.session.remember_me_seconds = 3600

Thanks to chelmertz for the insight into the cause of the problem.

Ohare answered 28/10, 2012 at 20:52 Comment(1)
That does not seem to be the core problem of the OP's issue.Latter
S
2

The problem might be related to session.save_path. You can try ini_set('session.save_path', 'path-to-your-session-storage-directory');

Stated answered 6/11, 2019 at 8:24 Comment(0)
S
1

I had the same problem and searching through all of the posts including this one I couldn't find an answer until I released that although I had the same exception result, my error was caused by something completely different.

I actually had an issue with autoloading. Because of the problem during Bootstrap I believe this caused the exception above to be shown (hiding the real error).

So if you went through all of the other possible fixes, try commenting out the details in your Bootstrap and see if that gets you past this problem. Obviously you slowly bring back the different parts of the bootstrap to uncover the real problem.

Significancy answered 30/6, 2010 at 12:46 Comment(0)
H
0

You can try to access the page in a fresh incognito browser.

If it works, maybe it is a browser cache or cookie problem.

An error of this kind could probably appear after using different instances or installations of the same application, which is often the case during development or installation.

Halloran answered 2/2, 2023 at 21:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.