# Warning: session_start(): Cannot start session when headers already sent in /var/www/app/src/Controller/AuthController.php on line 23

- **ID:** `php/session-header-already-sent-output-buffering`
- **Domain:** php
- **Category:** runtime_error
- **Verification:** ai_generated
- **Fix Rate:** 90%

## Root Cause

Output (e.g., whitespace, HTML, or BOM) was sent to the browser before session_start() was called, preventing PHP from setting session cookies or headers.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| PHP 8.1.0 | active | — | — |
| PHP 8.2.0 | active | — | — |
| PHP 8.3.0 | active | — | — |

## Workarounds

1. **Enable output buffering in php.ini:
output_buffering = 4096
This buffers all output until the script ends, allowing headers to be sent later.** (85% success)
   ```
   Enable output buffering in php.ini:
output_buffering = 4096
This buffers all output until the script ends, allowing headers to be sent later.
   ```
2. **Remove any whitespace or BOM before <?php in all included files, and ensure session_start() is called before any echo or HTML:
<?php
session_start();
// rest of code
?>** (95% success)
   ```
   Remove any whitespace or BOM before <?php in all included files, and ensure session_start() is called before any echo or HTML:
<?php
session_start();
// rest of code
?>
   ```

## Dead Ends

- **Adding ob_start() at the top of every script to buffer output** — This masks the issue and can cause memory bloat; it doesn't fix the root cause of premature output. (75% fail)
- **Moving session_start() to the very end of the file** — Session must be started before any output; moving it later will still fail if there is output before it. (90% fail)