Search code examples
phpzend-frameworksession.htaccesszend-auth

"session has already been started...." exception in Zend Framework application

I get this error when trying to load a Zend Framework application:

Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'session has already been started by session.auto-start or session_start()' in /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session.php:462

Stack trace:

#0 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session/Namespace.php(143): Zend_Session::start(true)

#1 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth/Storage/Session.php(87): Zend_Session_Namespace->__construct('Zend_Auth')

#2 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth.php(91): Zend_Auth_Storage_Session->__construct()

#3 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Auth.php(141): Zend_Auth->getStorage()

#4 /www/htdocs/w00a1ed7/autospin/redaktion/application/layouts/scripts/layout.phtml(31): Zend_Auth->hasIdentity()

#5 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/View.php(108): include('/www/htdocs/w00...')

#6 /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/View/Abstract.php(831): Zend_View->_run('/www/htdocs/w00...')

#7 /www/htdocs/w00a1ed in /www/htdocs/w00a1ed7/autospin/redaktion/library/Zend/Session.php on line 462

I Use Zend_Auth and on my local server and it works well, but on a production server I get the preceding error, but not every time.

I have checked that session.autostart is set to 0 in the .htaccess file.

How do I fix this error?

Thank you for your Answer, but I do not user session_start() anywhere. Work only with ZF.

I Have this Problem only on shared server, on my local server script works perfectly.

I Use INIT Function with this code:

protected $user;

public function init()
{   
    if(!Zend_Auth::getInstance()->hasIdentity())
    {
        $this->_redirect('auth/login');
    }else
    {
        $this->user = Zend_Auth::getInstance()->getIdentity();
    }
}

I allready try to set tis code only in indexAction, so that other actions do not have to chack the Auth... but still have problems.

Ist there a way to set in an Action to do not check about session or somethink like this?

Beste regards

Solution

  • It's what it says it is. Zend_Auth tries to start a new session, since Zend_Session::start() has not yet been called.

    The problem is that Zend_Session::start() has to be called before a session is started. But, since session.autostart is 0 (btw this is in php.ini not .htaccess), you have probably written session_start(); somewhere. You're not allowed to do that, since ZF wishes to have full control over sessions, i.e. you shouldn't access the global session variable directly.

    To solve it, search your code files for session_start() and either

    1. remove all occurences but one. To notice if it's already been started, set error_reporting(E_ALL|E_STRICT);
    2. replace it with Zend_Session::start(); at all places

    If you can't find all occurrences, find the one session_start(); that bothers your Zend_Auth::getInstance()->hasIdentity() and solve the problem quick n' dirty with the following snippet 

    try {
    Zend_Session::start();
} catch(Zend_Session_Exception $e) {
    session_start();
}

    If you're using ZF in your whole application, I would go with 2)