Session Question

unfortunately no go:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/eurotime/public_html/xxxxx/admin/admin-infoload.php:1) in

its being called in the ajax page though? so I have a whole page before it?

It is so in main.php its the first line of code then I call ajax at end of page and this ajax.php page has it at the top to get the session variable that was created in the main.php page. So when the main.php page calls the ajax page there is suddenly two calls and hence the error. Without making the session.start call on the ajax page I cannot get the info from the session.

So if I need it in both the main.php and the ajax.php how do you code it correctly? as I have tried the above and still throws the error. Realistically I want to know the best practice or right way to do it. As I think I will use this type of coding for a few of my online applications. I can suppress the error but I would to do it the "right way". Is there a command I should run before the ajax call maybe??

If I was able just to call it at the top of the main.php it would be fine but the fact that I need it in both is the prob

ob_start();
define ( "OBSERVERSHIP_APP", 1 );
/*
* Set up a constant to your main application path
*/
few defines and include functions here

sec_session_start();

in this function this is what is called:

$session_name = 'sec_session_id'; // Set a custom session name

$httponly = true;

if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}

$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);

session_name($session_name);
session_start();
session_regenerate_id();

then loads of general code then in the script at the bottom there is this call in a script:

var t = setTimeout( function() {
$.ajax({
beforeSend: function() { },
type: "POST",
url: "admin-infoload.php",
data: "appid="+$currentId+"&year="+$yearvar+"&csrf_token=<?= create_csrf_tag();?>",

the create_csrf_tag() adds a field to the submission but also creates this value in a session.
the follow page then looks at the same function above and checks if the csrf is valid

Ps. thanks for the time you are taking on this much appreciate the input

THats where the conflict is - once the ajax is called its bringing in the admin-inload.php(this is the ajax file). And on top of that is the session.start(); as it exists already page goes bananas. I cannot figure out how to use the session in the page and the ajax as essentially I'm bringing in the ajax page into the main.php page. Maybe I need to look at the code on my ajax.php page to see if too much content is coming back over as it seems the session call is being brought back if that makes sence