"session has already been started...." exception in Zend Framework application

Before this drives you mad, there's probably nothing wrong with your code!

Check your application.ini for the session save path, for me it is APPLICATION_PATH '/session'

Now check you have the correct permissions! If not then cd into the application folder and type

sudo chmod 777 session
sudo chown -R [usernamehere] session
sudo chgrp -R [usernamehere] session

Job Done!


I had the same error. On local machine, everything worked fine. On server not. My solution was to put Zend_Session::start(); in the index.php before running bootstrap. So that it looks like this:

<?php
// Define path to application directory
defined('APPLICATION_PATH')
    || define('APPLICATION_PATH', realpath(dirname(__FILE__) . '/../application'));

// Define application environment
defined('APPLICATION_ENV')
    || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));

// Ensure library/ is on include_path
set_include_path(implode(PATH_SEPARATOR, array(
    realpath(APPLICATION_PATH . '/../library'),
    get_include_path(),
)));

/** Zend_Application */
require_once 'Zend/Application.php';  

// Create application, bootstrap, and run
$application = new Zend_Application(
    APPLICATION_ENV, 
    APPLICATION_PATH . '/configs/application.ini'
);

error_reporting(E_ALL);
ini_set("display_errors", 1);

Zend_Session::start();

$application->bootstrap()->run();

It's what it says it is. Zend_Auth tries to start a new session, since Zend_Session::start() has not yet been called.

The problem is that Zend_Session::start() has to be called before a session is started. But, since session.autostart is 0 (btw this is in php.ini not .htaccess), you have probably written session_start(); somewhere. You're not allowed to do that, since ZF wishes to have full control over sessions, i.e. you shouldn't access the global session variable directly.

To solve it, search your code files for session_start() and either

  1. remove all occurences but one. To notice if it's already been started, set error_reporting(E_ALL|E_STRICT);
  2. replace it with Zend_Session::start(); at all places

If you can't find all occurrences, find the one session_start(); that bothers your Zend_Auth::getInstance()->hasIdentity() and solve the problem quick n' dirty with the following snippet

try {
    Zend_Session::start();
} catch(Zend_Session_Exception $e) {
    session_start();
}

If you're using ZF in your whole application, I would go with 2)