Problem with sessions

I am working on my websites login system. But when I login it goes through all my security checks and then when it is suppose to start the session it gives me this error.

“Cannot send session cookie - headers already sent by (output started at /Applications/XAMPP/xamppfiles/htdocs/Site/Sign_In.php:7)”

Here is my code


               <?php

	        session_start();
		
		include 'Include/Database.php';
		
		$Mail = mysql_real_escape_string(strip_tags(trim($_POST['Mail'])));
		$Password = mysql_real_escape_string(md5(strip_tags(trim($_POST['Password']))));
	
		if ($Mail && $Password) {
	
			$Query =  mysql_query("SELECT * FROM Users WHERE Email='$Mail' AND Enabled='1'");
			
			$Rows_Number = mysql_num_rows($Query);
			
			if($Rows_Number==0) {
			
				echo '<span class="Label" style="color: #CC0000;">Username or password is incorrect</span>';
			
			}else{
			
				while($Fetch_Row = mysql_fetch_assoc($Query)) 
				{
				$DB_Mail = $Fetch_Row['Email'];
				$DB_Password = $Fetch_Row['Password'];
				}
				
				if($DB_Mail==$Mail && $DB_Password==$Password) {
					
					$_SESSION['User_Session'] = $DB_Mail;
					echo $_SESSION['User_Session'];
				
				}else{
				
					echo '<span class="Label" style="color: #CC0000;">Username or password is incorrect</span>';
				
				}
				
			}
			
		}else{
		
			echo '<span class="Label" style="color: #CC0000;">Your must enter you mail and password</span>';
			
		}
                ?>

Does anybody know the problem?

Try getting rid of any whitespace before the session_start() function. That error means that something has output data to the browser before you call session_start.

On a sidenote, you don’t need to use mysql_real_escape_string for your $Password variable since you MD5 it. The md5() function will only return an alpha/numeric string; so you’re in no danger of SQL injection.

As pointed by kduv above, I suspect that you have some spaces before opening PHP tag:


               <?php

Which should start without any spaces at the very top of your PHP script file:


<?php
session_start();
// then do whatever you need....

My code it not actually like that, it is just appearing that way on this forum.

So are you sure that there is no white space or any output (anything html tags even <html><head> tags…) above the use of session_start()? But I am sure that there is something has gone as output before the use of session_start() function. Please look at it very carefully. Maybe you have included/required some files and those files have those spaces/output/echo/print ?

One thing that can cause it sometimes is the presence of a BOM at the start of a script, check that you’ve not got a BOM at the start