Patch bug68063.patch for Session related Bug #68063
Patch version 2016-01-12 22:28 UTC
Return to Bug #68063 |
Download this patch
Patch Revisions:
Developer: yohgaki@php.net
diff --git a/ext/session/session.c b/ext/session/session.c
index f5439ea..fe16525 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -485,7 +485,10 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */
}
/* If there is no ID, use session module to create one */
- if (!PS(id)) {
+ if (!PS(id) || !PS(id)[0]) {
+ if (PS(id)) {
+ efree(PS(id));
+ }
PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
if (!PS(id)) {
php_error_docref(NULL TSRMLS_CC, E_ERROR, "Failed to create session ID: %s (path: %s)", PS(mod)->s_name, PS(save_path));
@@ -2065,10 +2068,6 @@ static PHP_FUNCTION(session_decode)
static PHP_FUNCTION(session_start)
{
/* skipping check for non-zero args for performance reasons here ?*/
- if (PS(id) && !strlen(PS(id))) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot start session with empty session ID");
- RETURN_FALSE;
- }
php_session_start(TSRMLS_C);
diff --git a/ext/session/tests/bug68063.phpt b/ext/session/tests/bug68063.phpt
index d3da470..e6a5b09 100644
--- a/ext/session/tests/bug68063.phpt
+++ b/ext/session/tests/bug68063.phpt
@@ -5,16 +5,17 @@ Bug #68063 (Empty session IDs do still start sessions)
--INI--
--FILE--
<?php
+// Empty session ID may happen by browser bugs
+
// Could also be set with a cookie like "PHPSESSID=; path=/"
session_id('');
-// Will still start the session and return true
+// Start the session with empty string should result in new session ID
var_dump(session_start());
-// Returns an empty string
+// Returns newly created session ID
var_dump(session_id());
?>
--EXPECTF--
-Warning: session_start(): Cannot start session with empty session ID in %s on line %d
-bool(false)
-string(0) ""
+bool(true)
+string(%d) "%s"
|
Copyright © 2001-2024 The PHP Group