Request #23681 Unclear error msg. when PHPSESSID manually deleted from URL by user
Submitted: 2003-05-18 10:41 UTC Modified: 2012-02-21 07:39 UTC
Votes:12
Avg. Score:4.8 ± 0.6
Reproduced:11 of 11 (100.0%)
Same Version:1 (9.1%)
Same OS:4 (36.4%)
From: php at lapage dot com Assigned: sas (profile)
Status: Closed Package: Session related
PHP Version: * OS: *
Private report: No CVE-ID: None

 [2003-05-18 10:41 UTC] php at lapage dot com
Request for a better error msg.

If the user disables cookies and changes the URL to
http://domain.tld/form.php?PHPSESSID=

Then the resulting Apache 1.3 error log reads:

PHP Warning:  session_start(): The session id contains illegal characters, valid characters are only a-z, A-Z and 0-9 in /zz/zzdomain/www/form.php on line 3

PHP Warning:  Unknown(): The session id contains illegal characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0

PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp_php/zzdomainzz) in Unknown on line 0



<?php
  session_start();
  @$ct= ++$_SESSION['count'];
  echo<<<EOF
[$ct]<br><form method="get">
See hidden input<input type="submit" name="submit" value="Test"></form>
<a href="$PHP_SELF?foo=bar">See new href</a>
EOF;
?>
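
For log triage, the three warnings quoted in the report can be grouped per request. The following is an added example in Python, not part of the original report or of PHP itself: it attributes the Unknown() follow-on warnings to the script named in the preceding session_start() warning and separates them from write failures that have no such trigger. The function name triage, the grouping-by-adjacency rule and the last two sample lines are assumptions of this example.

```python
import re
from collections import Counter

# Shape of the warnings quoted in the report:
#   PHP Warning:  <function>(): <message> in <file> on line <n>
WARNING_RE = re.compile(
    r"PHP Warning:\s+(?P<func>[\w:]+)\(\): (?P<msg>.*) in (?P<file>\S+) on line \d+\s*$"
)
BAD_ID = "The session id contains illegal characters"
WRITE_FAIL = "Failed to write session data"

# The first three lines are the ones quoted in the report; the last two are constructed.
SAMPLE_LOG = [
    "PHP Warning:  session_start(): The session id contains illegal characters, valid characters are only a-z, A-Z and 0-9 in /zz/zzdomain/www/form.php on line 3",
    "PHP Warning:  Unknown(): The session id contains illegal characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0",
    "PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp_php/zzdomainzz) in Unknown on line 0",
    "[constructed] unrelated log line",
    "PHP Warning:  Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp_php/zzdomainzz) in Unknown on line 0",
]


def triage(lines):
    """Attribute session warnings to scripts.

    Returns (bad_id, folded, orphans): rejected session ids per script,
    Unknown() follow-on warnings folded into that script, and write failures
    with no preceding bad-id warning (a real session.save_path problem).
    Folding by adjacency is an assumption; busy logs interleave requests.
    """
    bad_id, folded, orphans, script = Counter(), Counter(), 0, None
    for line in lines:
        if not line.strip():
            continue  # blank separators do not end a request's group
        m = WARNING_RE.search(line)
        func, msg = (m["func"], m["msg"]) if m else (None, "")
        if func == "session_start" and msg.startswith(BAD_ID):
            script = m["file"]
            bad_id[script] += 1
        elif func == "Unknown" and msg.startswith((BAD_ID, WRITE_FAIL)):
            if script:
                folded[script] += 1
            elif msg.startswith(WRITE_FAIL):
                orphans += 1
        else:
            script = None  # any other line ends the group
    return bad_id, folded, orphans


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A high bad_id count for one script points at malformed session ids arriving in requests, while a non-zero orphans count points at the session.save_path setting itself.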


 [2003-05-20 03:16 UTC] derick@php.net
I'm all for making this a notice instead, assigning to Sascha as he's the maintainer of ext/session.

Derick
 [2010-12-20 13:58 UTC] jani@php.net
-Package: Feature/Change Request
+Package: Session related
-Operating System: Linux
+Operating System: *
-PHP Version: 4.3.1
+PHP Version: *
 [2012-02-21 07:39 UTC] rasmus@php.net
-Status: Assigned
+Status: Closed
 [2012-02-21 07:39 UTC] rasmus@php.net
This code has all been rewritten long ago and this issue is no longer present.
 