php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #31184 Illegal Characters in SessionID, session_name when set to "sid".
Submitted: 2004-12-19 12:12 UTC Modified: 2004-12-26 14:13 UTC
From: kamil at kube dot org Assigned:
Status: Closed Package: Session related
PHP Version: 5CVS-2004-12-19 (dev) OS: Redhat 9
Private report: No CVE-ID: None
View Developer Edit
 [2004-12-19 12:12 UTC] kamil at kube dot org 
Description:
------------
Hi,

once I've updated first to 5.0.3 and now also to the latest snapshot, I get "illegal character errors" when starting a session with session name "sid" (defined in php.ini for default, see examples below).

When I change the session name to another value (like "foo" for example), everything works fine and the session id is set correctly.

When I change the "foo" in the working example to "sid" to set the session name explicit to that value, the same errors occur.

Thanks for help and best regards,
Kamil

Reproduce code:
---------------
<?
// Error code: Session name is "sid" for default from php.ini.
session_start();

echo 'Session Name: '.session_name().'<br />';
echo 'Session Id: '.session_id().'<br />';
?>

<?
// This code works fine (when changing foo to sid it also does not work).
session_name('foo');
session_start();

echo 'Session Name: '.session_name().'<br />';
echo 'Session Id: '.session_id().'<br />';
?>

Expected result:
----------------
From error code:

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /web/music2deal/htdocs/bla1.php on line 3
Session Name: sid
Session Id: 

Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

--------
From the working code:

Session Name: foo
Session Id: u4i4o1hekpranqom4m8tu1u074

Patches

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-12-19 12:33 UTC] derick@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

.
 [2004-12-19 12:55 UTC] kamil at kube dot org 
Hi Derik, 
sorry to bother you, but could you tell me why this is bogus? I spent the whole day searching for an explanation and didn't found anything at google nor at the php.net pages. A session name "sid" did work fine all the time until now...
Thanks,
Kamil
 [2004-12-19 23:04 UTC] jed@php.net 
Not to supplant Derick, but I have a guess: "SID" is a defined constant in PHP that gives the current session identifier, hence the warnings. This is pretty clear in the documentation, so I would almost guess it to be expected behavior.
 [2004-12-21 13:58 UTC] kamil at kube dot org 
Hi, but the problem is that the warnings are not refering to the sessions _name_, but to the session _id_: this one is claimed to contain illegal characters. When you look at the example it sure does, because it is empty and hasn't been generated at all.

Why I'm so eager to know what it's all about, is that it _did work_ for the last 3 years now with a session name "sid" (all lower case, earlier php versions) and now doesn't work at all. Changing the name to eg. "sess" or "PHPSESSID" works fine (see example with foo).
 [2004-12-21 14:28 UTC] derick@php.net 
Hmm, i see what you mean now, but it works very fine here. The output of the script:

<?
// This code works fine (when changing foo to sid it also does not work).
session_name('sid');
session_start();

echo 'Session Name: '.session_name().'<br />';
echo 'Session Id: '.session_id().'<br />';
?>

shows:
Session Name: sid
Session Id: 034dafeac0bb2986bda981eb89f6f46d

perhaps you have some settings in php.ini, or session_auto_start set to true?
 [2004-12-26 14:13 UTC] kamil at kube dot org 
I just tried again and now it works fine. Might it's a misconfiguration - I can't reproduce it right now. Will watch it furthermore and post it here if it'll return.
 [2010-05-26 01:54 UTC] spam4 at yahoo dot com 
http://lozol.yolasite.com/ purchase lozol pay pal without rx
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Aug 16 03:01:29 2024 UTC