Session start not making sense to me


I’m working on a bought login script and this line is not making any sense to me

<?php ob_start(); ?>
<?php include_once('classes/translate.class.php'); ?>
<?php if (!isset($_SESSION)) session_start(); ?> <---- this logic is not making sense to me.

It says if $_SESSION is not set then start session. My question is if $_SESSION is not set why would you want to start a session… Shouldn’t I start/ continue a session only if that is set… Other wise any one would be able to log into my protected pages right?

I don’t know how old/good that code is, but IMHO putting session_start inside a buffer to avoid “headers already sent” errors makes me wonder. I try to put session_start first (i.e. before the include) unless it absolutely can’t be done that way.

Perhaps you are thinking that session_start is doing something more than it does?

I’m all confused with that script, it works with their provided design but integrating with my design has been difficult…
I looked into this

<?php include_once('classes/translate.class.php'); ?>

and I found that the session actually starts in this class file already. That class file has

$setTranslate = new Translate();

at the end

Chances are you’re going to need to use SESSION for your login state to be page-to-page without having to login every page or worse have the code fail. So if you’re using the script I wouldn’t hack that line out.
Hopefully the code is secure enough so that “any one would be able to log into my protected pages” won’t be possible.

[fphp]include_once[/fphp] is unlike [fphp]require_once[/fphp] in that if the include fails the script will continue.
The code is probably written to take this possibility into consideration and do something appropriate if it does happen (eg. show error message, redirect to login page??)