I need a second set of eyes

I keep getting this error and don't really understand it, despite a lot of research I haven't been able to to find a solution (or, frankly, a cause).

The error

Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively in Unknown on line 0


This doesn't really make sense as I'm using PHP 5.

This error occurs when I visit this page immediately following a successful login. If i click refresh, it goes away. My guess is that it's related to the fact that i'm including all these files, which might have the same variable names???

Here is the page, let me know if you need to see the includes as well


<?php //my-races.php

#Authenticate User
session_start();

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="styles/style.css" type="text/css" />
</head>

<body>
<div id="wrap">
<h1> Profile Page</h1>
<?php include ('includes/nav.php');?>


<div id="right_content">
<?php include('includes/profile.php');?>
</div><!--Right Content-->

<!-- <div id="center_content">
</div>Center Content-->

<?php
#If user is logged in
if (isset($_SESSION['username']))
{
include('includes/save-race-form.php');

?>


<div class="table">
<?php
include('includes/race-list.php');
}
#If user is not logged in
else
{
?>
<div id="saverace">
<form method="post" action="authenticate.php">
<fieldset>
<legend>Please login to view races</legend>
<label>Username</label><input type="text" name="username" />
<label>Password</label><input type="password" name="password" />
<input type="submit" value="Login" />
<h5><a href="lostpassword.php">Forgot my password</a></h5>
</fieldset>
</form>
</div><?php
}?>
</div> <!--Race List-->

</div><!--Wrap-->

<?php include('includes/footer.php');?>
</body>
</html>

It appears a piece of code you are using was used up until PHP4. When PHP5 came out, the code tag no longer exists and you need to update it to the new tag.

The other thing would be is in your .htaccess you need to enabled register_globals.

The other thing would be is in your .htaccess you need to enabled register_globals.It's turned off for a reason. You should code in all the variables properly instead, and update the script to PHP5 standard

It's turned off for a reason. You should code in all the variables properly instead, and update the script to PHP5 standard

Can you see anything in the script that isn't up to snuff?

This is my first real PHP project and everything I'm learning (base on the text i'm learning from) is based on PHP 5 and if it doesn't come out of the text I own it comes straight from the PHP manual.

Interestingly I can't seem to replicate it at the moment. May it have something to do with relying on sessions on a non-dedicated server?

Nothing appears wrong with the script, it must be in one of the include files.

Nothing appears wrong with the script, it must be in one of the include files.

Is there something that would cause that error? It's telling me that the $_SESSION is relying on global variables except that $_SESSION will not accept global variables. Global variables aren't on, I wouldn't try to use them anyways.

Depends on what is in those scripts. This is how I use my sessions.

session_start();
if(empty($_SESSION['user_id'])){
header("location:login.html");
}

Depends on what is in those scripts. This is how I use my sessions.

session_start();
if(empty($_SESSION['user_id'])){
header("location:login.html");
}


Should I really only be storing that one variable through sessions (ie. a unique user identifier)?

As of right now i'm utilizing it for a few things related to the user.

You can store whatever you want. You just need a particular way of defining a user as unique, which is provided by the session handling itself - the cookie or SID it will provide you with. That said you should still try you're best to validate a user for who they claim to be to prevent session hijacking.

I myself have not used the built in session handling in years.

The problem lies in one of you're includes I'd suspect. If it goes away on a refresh, I'd suspect something along the lines of setting a session value to an unset global value passed through you're form or url, possibly extracted. Once set, it bypasses the isset / !empty check on you're session thus allowing the warn to disappear. Pay particularly close attention to any reference handling in this one as well.

Technically you can disable to warning, but I do not recommend it.
Two potential changes in you're ini could fix this:
session.bug_compat_42 = 1
session.bug_compat_warn = 0


I think I remember this one now!
If you check, you'll likely have output_buffering enabled by default. Now, if you go through all of you're affected files with notepad or a simple text editor. Remove any spaces/bom and save. I assume that session_start() has been initiated prior to any other output. The includes will be done IN PLACE of call, so if any of those initiate a session_start after that html has been output, then its invalid again.
If you can, disable the output buffering. Fix any errors caused by that and go from there.