php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #35703 when session_name("123") consist only digits, should warning
Submitted: 2005-12-16 10:39 UTC Modified: 2013-06-27 10:39 UTC
Votes:4
Avg. Score:1.8 ± 1.3
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: samuelkid at citiz dot net Assigned: yohgaki (profile)
Status: Closed Package: *General Issues
PHP Version: 5.1.1 OS: redhat 7.3
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: samuelkid at citiz dot net
New email:
PHP Version: OS:

 

 [2005-12-16 10:39 UTC] samuelkid at citiz dot net 
Description:
------------
as php manual says:
Session name can't consist only from digits, at least one letter must be present. Otherwise new session id is generated every time. 

http://php.liukang.com/manual/en/function.session-name.php

so, when session("123"), it should be warning or something,
but it is not

Reproduce code:
---------------
session_name("123")



Expected result:
----------------
warning:   or something

Actual result:
--------------
actually "123" works fine

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-06-27 10:27 UTC] yohgaki@php.net
-Status: Open +Status: Analyzed -Package: Feature/Change Request +Package: *General Issues
 [2013-06-27 10:27 UTC] yohgaki@php.net 
This is because session name is string, but session id name stored in 
$_COOKIE/$_GET/$_POST has long key.

i.e. Cannot find session id with zend_hash_find() since it is numeric(long) key.

session.name can be check in INI update function.
 [2013-06-27 10:39 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-06-29 00:48 UTC] yohgaki@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bfb4c3156fa68568a52d1c3c6b745b33088c2d46
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2013-06-29 00:48 UTC] yohgaki@php.net
-Status: Analyzed +Status: Closed
 [2013-06-29 02:38 UTC] yohgaki@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2013-07-02 06:26 UTC] ab@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2013-11-17 09:30 UTC] laruence@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bfb4c3156fa68568a52d1c3c6b745b33088c2d46
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2014-10-07 23:18 UTC] stas@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 [2014-10-07 23:29 UTC] stas@php.net 
Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=87dda666c73acde08982865cf63227eaa77f0478
Log: Fixed bug #35703: when session_name("123") consist only digits, should warning
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Jan 02 12:01:29 2025 UTC