Vital Password Function failure

On one of our sites, which needs to be passworded, the access page (user, password etc) login sends the user to an error page. On another site it works fine with the same settings. It’s fairly vital we keep the site private, and absolutely essesntial in the case of the one that works that we keep that functionality.

This is the message:

Notice: session_start(): A session had already been started - ignoring in /hermes/bosnacweb01/bosnacweb01ae/b2371/ipg.worthmytravelscouk/timnali/login-9b06f9.php on line 21

Warning: Cannot modify header information - headers already sent by (output started at /hermes/bosnacweb01/bosnacweb01ae/b2371/ipg.worthmytravelscouk/timnali/login-9b06f9.php:21) in /hermes/bosnacweb01/bosnacweb01ae/b2371/ipg.worthmytravelscouk/timnali/login-9b06f9.php on line 49

@worthmytravels, please direct this to @duncan at