session_start() issues regarding illegal characters, empty session ID and failed session

So, I realise this is a repeat question (the one about the valid characters being a-z, A-Z, 0-9 and '-,'), but that post says it's a bug, it is 5 years old, and it also says it's a malicious attack.

What is the latest correct way to deal with this issue?

My error logs show:

[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27

[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 21

[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 377

[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 718

[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0

[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

My full logs:


As you can see there, they all seem to happen in groups. Just look at 30 September: it happens tons of times all within 1 minute and then doesn't happen for the rest of the day…

It's throwing the session issue for customplugin, simple press forums (I think) and wishlist coupon 2.0.

My customplugin code has:

    if (!session_id()) {
        session_start();
    }

I tried option 2 below but it didn't help / fix the issue.

A snippet from the other WordPress plugin causing some of the errors:

    class WishListCoupon20 extends WishListPlugin {
        public function __construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm) {
            parent::__construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm);
            session_start();

The other Stack Overflow post has a few usage variations, but I'm not sure which is correct, since the post is 5+ years old and you'd expect a bug to have been fixed by now.

Option 1 thanks to Sergey Eremin:

  

Option 2 thanks to danjfoley:

    try {
        session_start();
    } catch(ErrorExpression $e) {
        session_regenerate_id();
        session_start();
    }

Option 3 thanks to Cendak (using Andron's previous solution):

    function my_session_start()
    {
        $sn = session_name();
        if (isset($_COOKIE[$sn])) {
            $sessid = $_COOKIE[$sn];
        } else if (isset($_GET[$sn])) {
            $sessid = $_GET[$sn];
        } else {
            return session_start();
        }

        if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
            return false;
        }
        return session_start();
    }

    if ( !my_session_start() ) {
        session_id( uniqid() );
        session_start();
        session_regenerate_id();
    }

Option 4 thanks to Andron:

  

Option 5 thanks to alpere:

    $ok = @session_start();
    if(!$ok){
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }

Or… is there a better way?

@Ryflex, I ran a few tests on my server and concluded the following:

The problem:

session_start() relies on $_COOKIE[session_name()], so if you change the cookie value to something like #$#$FDSFSR#"#"$"#$" or simply empty it (not delete the cookie) and refresh a page with your code:

    if (!session_id()) {
        session_start();
    }

The following warning is generated:

PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/username/public_html/session_start.php on line 7

This happens because PHP checks whether session_id() exists and it does in fact exist, but it contains illegal characters that are not allowed in a session_id.

A valid session id may contain only digits, the letters A to Z (upper and lower case), commas and dashes ( [-,a-zA-Z0-9] ), between 1 and 128 characters.


My solution:

Check that $_COOKIE[session_name()] is set and contains a valid session_id before session_start(); otherwise, delete the session cookie and only then call session_start(), something like:

    function safeSession() {
        if (isset($_COOKIE[session_name()]) && preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
            session_start();
        } elseif (isset($_COOKIE[session_name()])) {
            unset($_COOKIE[session_name()]);
            session_start();
        } else {
            session_start();
        }
    }

Start the session:

    safeSession();

NOTES:

1 – session_name is defined in your php.ini as session.name = SOMETHING ( PHPSESSID by default), so you can look for a cookie matching session.name . You can use the session_name() function to retrieve it.

2 – Session cookie manipulation can be used by hackers to retrieve information from your server ( username and path ) if ini_set('display_errors', 1); is set.

3 – session_regenerate_id(true) works but, because it checks the session_id before assigning a new one, it generates warnings.

4 – I tested the code with several invalid session names and no errors or warnings were generated, everything working as expected.


References:

session.c source code
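An added example, not part of the answer above or of either plugin: one way to combine the answer's cookie check with the empty-ID case from the question, assuming PHP 7.0 or later. The names `SID_PATTERN`, `is_valid_session_id` and `safe_session_start` are hypothetical; the pattern is anchored with `\A…\z` so a value ending in a newline is rejected, and `session.use_strict_mode` is a hardening step the thread does not mention.

```php
<?php
// Added example (not code from the thread). Assumes PHP 7.0 or later.

// Same character set and length limit as the answer; \A...\z also rejects
// a trailing newline, which a pattern ending in $ would let through.
const SID_PATTERN = '/\A[-,a-zA-Z0-9]{1,128}\z/';

function is_valid_session_id($id): bool
{
    // A cookie sent as PHPSESSID[]=x arrives as an array, so check the type first.
    return is_string($id) && preg_match(SID_PATTERN, $id) === 1;
}

function safe_session_start(): bool
{
    // Several plugins in the question each call session_start(); only do it once.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }

    $name = session_name();
    if (isset($_COOKIE[$name]) && !is_valid_session_id($_COOKIE[$name])) {
        $raw = $_COOKIE[$name];
        // Record the event without copying the client-controlled value into the log.
        error_log(sprintf(
            'Rejected malformed %s cookie (%s) from %s',
            $name,
            is_string($raw) ? strlen($raw) . ' bytes' : gettype($raw),
            $_SERVER['REMOTE_ADDR'] ?? 'cli'
        ));
        // session_start() takes the ID from $_COOKIE; with the entry gone it
        // generates a new ID and sends the client a replacement cookie.
        unset($_COOKIE[$name]);
    }

    // Also refuse well-formed IDs that this server never issued.
    ini_set('session.use_strict_mode', '1');

    return session_start();
}

// Demo on constructed values; runs only when this file is executed from the CLI.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $samples = [
        'well-formed'      => 'q8f3n2k1v0b7m6c5x4z9l8j7h6',
        'empty cookie'     => '',
        'symbols'          => '#$#$FDSFSR#',
        'trailing newline' => "q8f3n2k1v0b7m6c5x4z9l8j7h6\n",
        'array value'      => ['x'],
        '129 characters'   => str_repeat('a', 129),
    ];

    // Start a session before any output, with a malformed cookie in place.
    $_COOKIE[session_name()] = $samples['symbols'];
    $started = safe_session_start();
    $issued  = session_id();
    session_destroy(); // remove the demo session's data file

    foreach ($samples as $label => $value) {
        printf("%-18s %s\n", $label, is_valid_session_id($value) ? 'accept' : 'reject');
    }
    printf(
        "session started: %s, issued ID well-formed: %s\n",
        var_export($started, true),
        var_export(is_valid_session_id($issued), true)
    );
}
```

In a WordPress plugin, `safe_session_start()` would replace each bare `session_start()` call; the rejected-cookie entries it writes with `error_log()` give a cleaner signal of the bursts seen in the question than the raw PHP warnings.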

My bet would be that you were being attacked at that moment. That means someone manipulated your session cookie, for example.

Since session_start(); is a system function, I don't think it would generate invalid IDs.

In my opinion, option 2 is the best. But if I remember correctly, you need to define a custom error handler for it.

This answer looks better to me:

    $ok = @session_start();
    if(!$ok){
        //Hello Hacker ;)
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }