From 396b02553791d555c892db696f5d70377d926c0a Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Mon, 3 Nov 2025 13:20:05 -0700
Subject: [PATCH] Check if the session is started to prevent PHP warnings
 (#7604)

---
 resources/require.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/resources/require.php b/resources/require.php
index d4633a6693..e98bb5add2 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -89,7 +89,7 @@
 	$database = database::new(['config' => $config]);
 
 //security headers
-	if (!defined('STDIN')) {
+	if (!defined('STDIN') && session_status() === PHP_SESSION_NONE) {
 		header("X-Frame-Options: SAMEORIGIN");
 		header("Content-Security-Policy: frame-ancestors 'self';");
 		header("X-Content-Type-Options: nosniff");
@@ -99,7 +99,7 @@
 
 //start the session if not using the command line
 	global $no_session;
-	if (!defined('STDIN') && empty($no_session)) {
+	if (!defined('STDIN') && empty($no_session) && session_status() === PHP_SESSION_NONE) {
 		ini_set('session.cookie_httponly', !isset($conf['session.cookie_httponly']) ? 'true' : (!empty($config->get('session.cookie_httponly')) ? 'true' : 'false'));
 		ini_set('session.cookie_secure', !isset($conf['session.cookie_secure']) ? 'true' : (!empty($config->get('session.cookie_secure')) ? 'true' : 'false'));
 		ini_set('session.cookie_samesite', $config->get('session.cookie_samesite', 'Lax'));