PHP header can only be called once

I hate spending too much time just trying to solve one little problem. This was seriously one of those times.

To give some background on what I was trying to do, I needed to have a user log into one system and have it automatically authenticate against another site on the same server. Your usual "single sign-on" functionality. The problem was, I didn't want to duplicate a lot of code to encode session data as this app was doing. Instead, I made a request to the login form from the server, passing in the credentials and grabbing the response. Then, I'd pass the Set-Cookie headers back to the client. Voila! Okay, not quite.

First, it turns out that you can't use header more than once for the same header. It's even documented. Fine, I missed that. Then I needed to break down each of the Set-Cookie headers and recreate them as PHP setcookie calls. Lastly, it didn't like that I wasn't setting a path. That meant I was getting the Set-Cookie in the response but it wasn't sticking. That had me banging my head, for sure.

Sometimes you can get spoiled using a framework that handles all of this for you. I was tracing HTTP calls, writing out variables, and checking the database trying to figure out why I had different information in all three places.

Thankfully, it all worked out in the end and now I can move to the next problem.

Published April 11, 2008
Categorized as PHP
Short URL:


10 Comments · RSS feed
Matt Knowlton said on April 11, 2008

Yeah, I have that problem all of the time.
But, I tend to go the setcookie() route most of the time.

I don't use the frameworks, I feel like I'm cheating on a test.
I guess you use whatever you're used to.

Radoslav Stankov said on April 11, 2008

I remember back in the days when I started coding for the first time. Was so strange to why I can't do echo before header. The documentation helped a lot (as always).

Nate Klaiber said on April 11, 2008

Glad you got it all squared away.

@Matt Knowlton
It's only cheating if you don't know the answers at the core. If you know PHP, then you can figure out the core of the Framework and it will only streamline your building process. Cheating would be using said framework without understanding what goes on under the hood.

Lewis said on April 11, 2008

"First, it turns out that you can't use header more than once for the same header"

...Yes you can:

"The optional replace parameter indicates whether the header should replace a previous similar header, or add a second header of the same type. By default it will replace, but if you pass in FALSE as the second argument you can force multiple headers of the same type. For example:"

Plus why are you sending the raw headers for cookies anyway? It's just re-inventing the wheel.

Jonathan Snook said on April 11, 2008

@Lewis: wow, I must be tired. I completely missed that.

Anyways, I wanted to send the raw header because, as I said in the post, I just wanted to passthrough the cookie calls from the other page. Using setcookie meant I had to break the cookies into name/value pairs. Had I looked closer, I could have avoided the whole mess.

Time for me to go to bed...

Lewis said on April 11, 2008

Ah so you just wanted to pass on the cookie headers you received? Sorry I missed that.

Nothing worse than spending ages on 1 tiny, annoying problem. I find it one of the most annoying things in developing because there's nothing you can do to get back those wasted hours and you end up with nothing to show for it. What's worse is when you find out how simple the fix was :P

leveille said on April 12, 2008

I've tried to get better over the years about not getting so stressed out when this crap happens to me. I get so frustrated when something seems so simple and yet I'm getting stuck. I left work on Friday in the middle of one of these monster simple issues, and surprise, it's client side and involves IE.

Mohammad Elkersh said on April 12, 2008

Put this as first thing on your file "Nothing before it even a white space"


Put this as Last thing in page "Not thing after this at all "


Of course between php open and close tags
This will solve the problem
in my application i always use one index file and put this in that file you can do this or but them in header and footer

what that exactly do is turn on some sort of buffer and will not send the header until all the page processed

I wish that help


Andrew said on April 13, 2008

It's like the missing semicolons - there's always one floating somewhere...

Or the cast conversions (in C++ for me), but yeah, there's always some small piece of code or documentation that you're missing - I tried to develop without the internet recently and found it hard because I'm used to being able to read documentation online.

Sean Sullivan said on September 08, 2008


I too, completely missed that second parameter on header()... When in the heat of battle it can be a little hard to take a deep breath and read the manual =)

Sorry, comments are closed for this post. If you have any further questions or comments, feel free to send them to me directly.