Session Error

[Titan85]

I have been working on a login script for a while now and finally got it to work, but it seems that even though the login is a success, the session is not set. Here is my code for setting the session:

PHP Code:

if($pass = $q['password']) {
        
        echo 'You are now logged in! <br />
        <a href="admin/">Control Panel</a>';
        
    session_start();
    $_SESSION['user'] = $username; // Set username session
    $_SESSION['pass'] = $pass; // Set password session
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Set ip session
    }
    
    else {
        echo'Login attempt failed. <br />
        <a href="login.php">Retry</a>';
    } 


When I login, it gives the success message, but an error as well. Here is the error: "Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/bntqann/public_html/testing/login/login.php:22) in /home/bntqann/public_html/testing/login/login.php on line 24". I don't get why it is saying that since the session_start() that it says is failing is the one it is saying is already set.
If it is set, then there must be something wrong with how I am checking for it, here is what I have:

PHP Code:

<?php
    if(empty($_SESSION['user']) && empty($_SESSION['pass']) && $_SESSION['ip'] != $_SERVER['REMOTE_ADDR']) {
    header('Location: register.php');
}

else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Test</title>
</head>

<body>
If you can see this, you are logged in!
</body>
</html>
<?
}
?>

Thanks for any help

[alexjewell]

the problem is you're echoing before you start the session.
echo the message AFTER the session is started:

PHP Code:

if($pass = $q['password']) {

    session_start();
    $_SESSION['user'] = $username; // Set username session
    $_SESSION['pass'] = $pass; // Set password session
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Set ip session
        
        echo 'You are now logged in! <br />
        <a href="admin/">Control Panel</a>';
    }
    
    else {
        echo'Login attempt failed. <br />
        <a href="login.php">Retry</a>';
    } 


make sense?
also, you can then put the session variables into regular variables too, so you can easily use them (for example, in front of the success message, you could have: 'Loser, you are now logged in!'. So, like, you could do: $user = $_SESSION['user']; or something after the block that says what 'user' is.
but that's just my little tidbit.

hope that helps.

[Titan85]

Ok, I put the session before the message being echoed and the error is gone, but it still won't let me see pages that I have put:

PHP Code:

<?php
    if(empty($_SESSION['user']) && empty($_SESSION['pass']) && $_SESSION['ip'] != $_SERVER['REMOTE_ADDR']) {
    header('Location: login.php');
}

else {

It just takes me back to login.php (what I specified for it to do if a session is not found. Any ideas. I appreciate the help

[alexjewell]

ok - the page that has the code to check the session, do you have a session_start() on that page?
you must in order to check any session variables.

[Titan85]

ok - the page that has the code to check the session, do you have a session_start() on that page?
you must in order to check any session variables.

Well, that was the problem. Once again I miss a simple thing and it everything up . I didn't even notice it was you in the first post lol. Good to hear from you . Thanks

[alexjewell]

No prob bro - I'll catch you on aim sometime. Glad it's working.