php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #38224 session_start can't handle broken cookies
Submitted: 2006-07-26 15:34 UTC Modified: 2006-07-27 14:06 UTC
From: toni at schornboeck dot net Assigned: iliaa (profile)
Status: Closed Package: Session related
PHP Version: 5.1.4 OS: windows
Private report: No CVE-ID: None
 [2006-07-26 15:34 UTC] toni at schornboeck dot net
Description:
------------
session_start() can't handle broken cookies at all.

When a cookie with the name of the session exists, even if it's malformed, for example containing invalid characters, session_start just assumes it is a correct session id - and fails horribly when trying to save data in a file with that "id".

Reproduce code:
---------------
<?php
ob_start();
//setcookie('session_cookie', gzcompress('?#+?!')); //just call once

session_name('session_cookie');
session_start();
echo 'test = ',$_SESSION['test'];
$_SESSION['test']='foo';

ob_end_flush();

?>

Expected result:
----------------
Either session_start() should return false or it needs to overwrite the cookie.

Nevertheless this code shouldn't produce any errors and save the session variable test correctly.


Output:
test = foo

Actual result:
--------------
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in C:\xampp\xampp\htdocs\yawe\bug.php on line 6
test = 
Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\xampp\xampp\tmp) in Unknown on line 0


and session_start sets the cookie with the same corrupted "session id" again...

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-07-27 14:06 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Dec 13 19:01:27 2018 UTC