PHP session for user authentication

Question

I'm going to use cookies and sessions to indentify the user. So, sessions will be used only when user chose the 'Don't remeber me' option. I include the identification file in the top of every page of website. User's session looks like $_SESSION['user']

And than is my question:

Must I place to the authentication file session_start() instruction? I asked it because new session creates every time I use this instruction.

Update http://pastebin.com/Nh3zj6mR user identification script

Answer 1

Yes, you have to place session_start() at top of every php page (before any output was generated, no headers must have sent before) to tell php to accept / start session, expect your php.ini is setup, that sessions start automatic.

I asked it because new session creates every time I use this instruction.<<

That is a hint, that your browser ignore (disallow) session cookies

Answer 2

Unless you execute session_start(), PHP's session mechanism will NOT activate. The $_SESSION will be present, you'll be able to read/modify it, but its values will NOT be persisted - e.g... the contents will be lost when the script exits.

If you are running session_start() in every script that uses session data, but the session data is not showing up, then there's probably a misconfiguration causing the session cookie to be lost, and PHP is creating a new session each time.