Session question

Not open for further replies.


New Member
Hi guys

I am trying to implement a session check but its throwing a warning as I am tec calling session_start() twice.

Basically I have a main.php page that has a ajax call to ajax.php page. I want to access the session in both the main.php page and ajax.php page however to do this I have to call session_start() in both pages which is throwing a warning: Warning: session_start(): Cannot send session cache....

I have suppressed it by using the @session_start() but anyone ideas to do this the "right way"

The session info is for CSRF check so the ajax page cannot be called either off site or directly - using 'xmlhttprequest' also just incase anyone suggests this


it's a bit hard to say without seeing the code.

If you start a new session in the ajax.php then, well you'll have a new session ID and all that lark, why not access the $_SESSION variable ? PHP: $_SESSION - Manual


New Member
Its not that I want to start a new session but I want to get the session information in the ajax page. Basically I create a csrf token and session in the main.php page and I want to check on the ajax page that the request came from the given page. To do this it states that I have to run the session.start(); but as I have already called it in the main.php I get the warning. Here is a snippit of the code:

for the ajax:

beforeSend: function() { },
type: "POST",
url: "admin-infoload.php",
data: "appid="+$currentId+"&year="+$yearvar+"&csrf_token=<?= create_csrf_tag();?>",

//create_csrf_tag() creates a token tag and creates a session of the same name

then in the ajax page I do this:


if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {

if(request_is_post()) {

if(!csrf_token_is_valid() || !csrf_token_is_recent()) {

csrf_token_is_valid checks if the post item matches the session item and checks if it was created within 60 seconds. By adding the @ I am suppressing the warning message and code works fine but obviously I want to know the "right way" of doing this.

Not open for further replies.
Award-winning Mac antivirus and Internet security software