PHP7.2.7-fpm/Docker ini_set(): Headers already sent. You cannot change the session module's ini settings at this time

3
votes

I'm trying to have a secure login page, which was working fine, whilst working with XAMPP, but now that i have switched to Docker, i am getting this error:

Warning: ini_set(): Headers already sent. You cannot change the session module's ini settings at this time in /var/www/inc/cUser.php on line 30

I'm not sure, if there is some settings i need to do on the container itself and i haven't found a solution so far

I get $_POST Data from a form and pass it on to my process.php:

require_once(dirname($_SERVER['DOCUMENT_ROOT']) . '/inc/autoloader.php');
  $user = new cUser();

  $user -> sec_session_start();

cUser.php:

protected function sec_session() {
    define("SECURE", true);
    $session_name = 'sec_session_id';   
    $secure = SECURE;
    $httponly = true;
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
    //header("Location: /error.php?err=Could not initiate a safe session (ini_set)"); 
// here i got the same error twice, so i commented it out and used the code below
        echo("<script>location.href = /error.php?err=Could not initiate a safe session (ini_set);</script>");
            exit();
        }
        $cookieParams = session_get_cookie_params();
        session_set_cookie_params($cookieParams["lifetime"],
            $cookieParams["path"],
            $cookieParams["domain"],
            $secure,
            $httponly);
        session_name($session_name);
        session_start();  
        session_regenerate_id();
    }

The above works fine and i come back to my process.php:

if ($login) {
              // Login successful
              exit(header('Location: /index.php'));
          } else {
              // Login not successful
              exit(header('Location: /error.php?error=1'));
          }

and i get successfully redirected to index.php. In my index.php i call the same method again, to make sure i have the correct user and is authorized to view the page:

require_once(dirname($_SERVER['DOCUMENT_ROOT']) . '/inc/autoloader.php');
  $user = new cUser();

  $user -> sec_session_start();

and now i stumble onto the error. This is the line:

if (ini_set('session.use_only_cookies', 1) === FALSE) {

I'm not sure what can be wrong here, can someone help me please?

1
phpdockerini-set
Make sure you call ini_set() before you do anything that sends headers, such as session_start() or setcookie().Barmar
@barmar but that is already the casetmzafar

1 Answers

1
votes

I think it's key to understand what causes Headers already sent errors in order to ghet to the bottom of what your error is.

When someone requests a webpage, the first bit of the page before any form of HTML is sent is a set of headers. These are key value pairs that contain key information about a page like it's status code (200 for success, 404 for not found etc).

It also contains cookie information which is key to how PHP sessions work (this, I suspect you may know given the commands you're executing).

As headers are sent at the beginning of a request, if you have put any output to the page which isn't header related (even a newline that is outside the <?php tags) this will prevent any additional headers being send and throw the error that you're seeing.

Given the symptoms that you're seeing (this previously worked, not working in Docker), the most likely cause is that there is either a configuration difference in terms of error reporting (the error reporting in the Docker container is set to be higher than it was in XAMPP) or PHP version (potentially using a newer version of PHP in your Docker container than you were on XAMPP).

None of the code you've posted looks like it should error, so I would assume this potential error is occurring in your autoloader.php file.