不能创建SESSION

<?php
    ob_start();
    session_start();
    require ('openid.php');
    function logout() {
        echo '<form action="logout.php" method="post"><button class="btn btn-danger" type="submit"><i class="fa fa-power-off"></i> Log Out</button></form>'; //logout button
    }
    function steamlogin() {
        try {
            require("settings.php");
            $openid = new LightOpenID($domain);
            if(!$openid->mode) {
                if(isset($_GET['login'])) {
                    $openid->identity = 'http://steamcommunity.com/openid';
                    header('Location: ' . $openid->authUrl());
                }
            return "<form action='"?login'" method='"post'"> <input type='"image'" src='"http://cdn.steamcommunity.com/public/images/signinthroughsteam/sits_large_noborder.png'"></form>";
            }
             elseif($openid->mode == 'cancel') {
                echo 'User has canceled authentication!';
            } else {
                if($openid->validate()) {
                        $id = $openid->identity;
                        $ptn = "/^http:'/'/steamcommunity'.com'/openid'/id'/(7[0-9]{15,25}+)$/";
                        preg_match($ptn, $id, $matches);
                        $steamid = $matches[1];
                                        $link = file_get_contents("http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key=".$key."&steamids=".$steamid."");
                                        $decode = json_decode($link);
                                        $newlink = $decode->response->players->profileurl;
                                        $xml = simplexml_load_file($newlink."?xml=1");
                                        @$custom = $xml->customURL;
                                        if(strlen($custom) <= 4){      
                                                $user = $xml->steamID64;
                                        } else {
                                                $user = $custom;
                                        }      
                                        $_SESSION['steamid'] = $user;
                        //Determine the return to page. We substract "login&"" to remove the login var from the URL.
                        //"file.php?login&foo=bar" would become "file.php?foo=bar"
                        $returnTo = str_replace('login&', '', $_GET['openid_return_to']);
                        //If it didn't change anything, it means that there's no additionals vars, so remove the login var so that we don't get redirected to Steam over and over.
                        if($returnTo === $_GET['openid_return_to']) $returnTo = str_replace('?login', '', $_GET['openid_return_to']);
                        header('Location: '.$returnTo);
                } else {
                        echo "User is not logged in.'n";
                }
            }
        } catch(ErrorException $e) {
            echo $e->getMessage();
        }
    }

我检查了这个代码10次(至少)，但我不明白为什么它不创建$_SESSION['steamid']。你能帮我吗?

我编辑了第一篇文章