ID: 38224 Updated by: [EMAIL PROTECTED] Reported By: toni at schornboeck dot net -Status: Assigned +Status: Closed Bug Type: Session related Operating System: windows PHP Version: 5.1.4 Assigned To: iliaa New Comment:
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2006-07-26 15:34:27] toni at schornboeck dot net Description: ------------ session_start() can't handle broken cookies at all. When a cookie with the name of the session exists, even if it's malformed, for example containing invalid characters, session_start just assumes it is a correct session id - and fails horribly when trying to save data in a file with that "id". Reproduce code: --------------- <?php ob_start(); //setcookie('session_cookie', gzcompress('ä#+´!')); //just call once session_name('session_cookie'); session_start(); echo 'test = ',$_SESSION['test']; $_SESSION['test']='foo'; ob_end_flush(); ?> Expected result: ---------------- Either session_start() should return false or it needs to overwrite the cookie. Nevertheless this code shouldn't produce any errors and save the session variable test correctly. Output: test = foo Actual result: -------------- Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in C:\xampp\xampp\htdocs\yawe\bug.php on line 6 test = Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\xampp\xampp\tmp) in Unknown on line 0 and session_start sets the cookie with the same corrupted "session id" again... ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=38224&edit=1
