Re: Empty session cookie leads to warning

From: Yasuo Ohgaki Date: Wed, 12 Feb 2014 07:05:32 +0000

Subject: Re: Empty session cookie leads to warning

References: 1 Groups: php.internals

Request: Send a blank email to internals+get-72499@lists.php.net to get a copy of this message

Hi Christian,

On Tue, Feb 11, 2014 at 4:31 PM, Christian Stoller <stoller@leonex.de>wrote:

> On our server we infrequently get a warning when session_start() is
> called. The message says "The session id is too long or contains illegal
> characters, valid characters are a-z, A-Z, 0-9 and '-,'"
>
> But print_r($_SERVER) in those cases contains only "PHPSESSID" - so the
> session cookie has no value. In my opinion the warning message is a bit
> irritating, or does it have a deeper meaning?
>

What is the reason for having extremely insecure session ID?
Is user sending empty cookie by deleting cookie value?

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

Thread (5 messages)

Christian StollerTue, 11 Feb 2014 07:31:19 +0000
Christian StollerTue, 11 Feb 2014 07:43:15 +0000RE: Empty session cookie leads to warning
Yasuo OhgakiWed, 12 Feb 2014 07:05:32 +0000
Christian StollerWed, 12 Feb 2014 07:25:12 +0000RE: [PHP-DEV] Empty session cookie leads to warning
Yasuo OhgakiWed, 12 Feb 2014 08:19:35 +0000Re: Empty session cookie leads to warning

« previous	php.internals (#72499)	next »

From:	Yasuo Ohgaki	Date:	Wed, 12 Feb 2014 07:05:32 +0000
Subject:	Re: Empty session cookie leads to warning
References:	1	Groups:	php.internals
Request:	Send a blank email to internals+get-72499@lists.php.net to get a copy of this message