I'm fairly new to PHP and I'm trying to work out the best place in my current scenario to place the session_start() function.
I'm currently making website and the first page to load is index.php which requires db.php to connect to a MySQL database, and only contains an html form for logging in and pushes an error message when the details are invalid.
When the user enters the username & password, the data is passed to checklogin.php, where prepared statements are used and if the data matches then $_SESSION['username'] is called and the user is redirected to portal.php. (If there is no match, it redirects to index.html with an error message now visible.)
My question is, should session_start() be placed at the beginning of index.php (code mainly in html, uses php only to require 'db.php';, to connect to the database and to push the error message if credentials don't match).
Or, should I use it at the beginning of checklogin.php (where $_SESSION['data'] is used for the first time)?