Description
The session functions session_start(), session_set_save_handler(), session_set_cookie_params() are not checking for headers_sent() or other hazards, and issues are not handled gracefully.
If you get errors like:
ERR (3): Warning: session_set_save_handler(): Cannot change save handler when headers already sent in app/code/local/Cm/RedisSession/Model/Session.php on line 85
ERR (3): Warning: session_set_cookie_params(): Cannot change session cookie parameters when headers already sent in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php on line 124
ERR (3): Warning: session_start(): Cannot start session when headers already sent in app/code/core/Mage/Core/Model/Session/Abstract/Varien.php on line 150
..it probably means output is starting somewhere where it should not (an error, a stray whitespace).
I'd argue that these errors should be logged, along with some useful metadata, like the URL. Also, we might consider letting the request through. An anonymous user/bot may not care about having a session? This is treachy terriroty of course...what if he adds something to his cart?
In any case, session_start() does not respond well to try { } catch {} so it'll have to be something else: https://stackoverflow.com/questions/16568262/php-session-start-general-error-handling