Request #35703 when session_name("123") consist only digits, should warning
Submitted: 2005-12-16 10:39 UTC Modified: 2013-06-27 10:39 UTC
Votes:4
Avg. Score:1.8 ± 1.3
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: samuelkid at citiz dot net Assigned: yohgaki (profile)
Status: Closed Package: *General Issues
PHP Version: 5.1.1 OS: redhat 7.3
Private report: No CVE-ID: None
 [2005-12-16 10:39 UTC] samuelkid at citiz dot net
Description:
------------
As the PHP manual says:
Session name can't consist only from digits, at least one letter must be present. Otherwise new session id is generated every time. 

http://php.liukang.com/manual/en/function.session-name.php

So, when session("123") is called, there should be a warning or something,
but there is not.

Reproduce code:
---------------
session_name("123");



Expected result:
----------------
warning:   or something

Actual result:
--------------
actually "123" works fine

 [2013-06-27 10:27 UTC] yohgaki@php.net
-Status: Open +Status: Analyzed -Package: Feature/Change Request +Package: *General Issues
 [2013-06-27 10:27 UTC] yohgaki@php.net
This is because the session name is a string, but the session ID name stored in 
$_COOKIE/$_GET/$_POST has a long key.

I.e., the session ID cannot be found with zend_hash_find() since it is a numeric (long) key.

session.name can be checked in the INI update function.
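
A small C model of the mechanism described in the comment above, added here as an illustration; it is not php-src code and not part of the original report. The names `table`, `register_variable`, `find_by_string_key`, `lookup_session_id` and `session_name_is_valid` are hypothetical, and the key normalization is a simplified assumption about how request variables are stored.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (an assumption, not php-src code): a key is a long or a string. */
typedef struct { int is_long; long lkey; const char *skey; const char *val; } bucket;
typedef struct { bucket b[8]; int n; } table;

/* 1 if s is non-empty and made only of ASCII digits. */
static int all_digits(const char *s) {
    if (*s == '\0') return 0;
    while (isdigit((unsigned char)*s)) s++;
    return *s == '\0';
}

/* Registers a request variable: a decimal-integer name such as "123" gets the
   long key 123. Simplified: only short names without a leading zero convert. */
static void register_variable(table *t, const char *name, const char *val) {
    bucket *b = &t->b[t->n++];
    b->val = val;
    b->is_long = all_digits(name) && strlen(name) <= 9 && (name[0] != '0' || !name[1]);
    b->lkey = b->is_long ? strtol(name, NULL, 10) : 0;
    b->skey = b->is_long ? NULL : name;
}

/* String-key-only lookup, the kind the comment says cannot find the ID. */
static const char *find_by_string_key(const table *t, const char *name) {
    for (int i = 0; i < t->n; i++)
        if (!t->b[i].is_long && strcmp(t->b[i].skey, name) == 0) return t->b[i].val;
    return NULL;
}

/* Session side: the cookie arrives under session_name, then is looked up by it. */
static const char *lookup_session_id(const char *session_name, const char *cookie_value) {
    table cookies = {0};
    register_variable(&cookies, session_name, cookie_value);
    return find_by_string_key(&cookies, session_name);
}

/* Guard of the kind the report asks for: reject empty and digits-only names. */
static int session_name_is_valid(const char *name) {
    return *name != '\0' && !all_digits(name);
}

int main(void) {
    const char *id = lookup_session_id("123", "abc"); /* constructed cookie value */
    printf("123: id=%s valid=%d\n", id ? id : "(not found)", session_name_is_valid("123"));
    return 0;
}
```

With the name "123" the lookup returns nothing, which matches the manual's statement that a new session ID is generated every time; a name containing a letter is found under its string key.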
 [2013-06-27 10:39 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-06-29 00:48 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bfb4c3156fa68568a52d1c3c6b745b33088c2d46
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2013-06-29 00:48 UTC] yohgaki@php.net
-Status: Analyzed +Status: Closed
 [2013-06-29 02:38 UTC] yohgaki@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2013-07-02 06:26 UTC] ab@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2013-11-17 09:30 UTC] laruence@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bfb4c3156fa68568a52d1c3c6b745b33088c2d46
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2014-10-07 23:18 UTC] stas@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2014-10-07 23:29 UTC] stas@php.net
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
Last updated: Tue Mar 19 04:01:31 2024 UTC