PHP Warning: session_start() — Session Already Started — What It Means & How to Fix It

What Does This Error Mean?

This warning means session_start() was called more than once in your PHP script — or a session was already started by an included file. You only need to start a session once per request. Calling session_start() a second time generates this warning. The fix is to check if a session is already running before calling session_start(), or to ensure it is only called once in your code.

Affected Models

PHP 5.x
PHP 7.x
PHP 8.x
All PHP versions

Common Causes

session_start() is called in multiple included files — like in both header.php and the main page file
session_start() is called twice in the same file
A framework or library automatically starts a session and your code also calls session_start()
session_start() is called after some output has already been sent — which also generates a headers warning
Conditional code paths both call session_start() independently

How to Fix It

Use session_status() to check before calling session_start(): if (session_status() === PHP_SESSION_NONE) { session_start(); }

PHP_SESSION_NONE means no session is running. PHP_SESSION_ACTIVE means one is already running. PHP_SESSION_DISABLED means sessions are disabled entirely.
Search your codebase for all session_start() calls and consolidate them. Ideally call it only once, at the very top of your bootstrap or main entry file.

A common best practice: put session_start() in a single include file (like init.php or config.php) that is included once by every page.
Make sure session_start() is called BEFORE any output. Even a blank line or space before the opening <?php tag counts as output and will also cause a 'headers already sent' warning.

The session_start() function sends HTTP headers. Headers must be sent before any page content. Check that no whitespace, BOM, or echo statements precede it.
If using a framework, check how it handles sessions. Most frameworks (Laravel, Symfony, CodeIgniter) manage sessions internally — you should not call session_start() yourself.

Calling session_start() alongside a framework's session management can cause conflicts. Use the framework's session API instead.
If you want to write code that can safely be included multiple times, always use the session_status() check pattern. It is a one-liner protection that prevents all double-start issues.

Wrapping it in a helper function is even cleaner: function ensureSession() { if (session_status() === PHP_SESSION_NONE) { session_start(); } }

When to Call a Professional

Session double-start warnings are easy to fix. The safest approach is to always check the session status before calling session_start(). This makes the call idempotent — safe to call multiple times without causing errors.

Frequently Asked Questions

What is a PHP session?

A session is a way to store information about a user across multiple page requests. When a session starts, PHP creates a unique ID for the user, stores it in a cookie, and saves associated data on the server. This lets you remember that a user is logged in, their shopping cart contents, their preferences, etc. across different pages. session_start() must be called before accessing any $_SESSION variables.

What is the difference between sessions and cookies?

Sessions store data on the server — the user's browser only holds a small ID value in a cookie. Cookies store data directly in the user's browser. Sessions are more secure for sensitive data (like login status) because the data is on your server, not in the browser. Cookies are better for small amounts of data that need to persist long-term, like user preferences.

How do I check if a user is logged in using sessions?

After calling session_start(), check if your login variable exists: if (isset($_SESSION['user_id'])) — the user is logged in. When a user logs in, set the session variable: $_SESSION['user_id'] = $userId; When they log out, destroy the session: session_destroy(); and unset the variables: $_SESSION = [];