php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #27550 session_name doesn't fail or compensate for illegal white space
Submitted: 2004-03-10 10:42 UTC Modified: 2004-03-10 13:35 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: whelan at nexserver dot com Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.4 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: whelan at nexserver dot com
New email:
PHP Version: OS:

 

 [2004-03-10 10:42 UTC] whelan at nexserver dot com 
Description:
------------
if it contains a space, you get a new session_id on every page calling session_start(). I believe php should either fail and return an error or compensate for the space. It shouldn't just not work correctly.

Reproduce code:
---------------
session_name('New Session');
session_start();

Expected result:
----------------
It should maintain the same session id for each session with the same session name.

Actual result:
--------------
It will create a new session id for each time this is called.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-03-10 13:23 UTC] sniper@php.net 
RTFM
 [2004-03-10 13:31 UTC] whelan at nexserver dot com 
This is definately a problem with php. It is either an illegal parameter, or it should be handled as if it were a correct parameter. It does neither at this time. It will not maintain a session of a name with a space in it. You're saying it should start a new session with a new session id every time it encounters a session with the same name, so it doesn't maintain the session variables? This doesn't make any sense.
 [2004-03-10 13:35 UTC] derick@php.net 
No, he said "RTFM":

http://nl2.php.net/manual/en/function.session-name.php says:

 The session name references the session id in cookies and URLs. It should contain only alphanumeric characters; it should be short and descriptive (i.e. for users with enabled cookie warnings).
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Dec 10 07:00:01 2025 UTC