So, I realize this is a repeat question, but it is a bug, and the original post is 5 years old, and it also says that it is a malicious attack. The characters are a-z, A-Z, 0-9 and '-,'.
What is the latest correct way to handle this problem?
My error logs show:
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 21
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 377
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 718
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 11:12:37 Europe/London] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 11:12:37 Europe/London] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:49 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:51 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:12:51 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:53 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:53 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:53 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:53 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:53 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:13:04 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 05:47:22 Europe/London] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 05:47:22 Europe/London] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 04:47:22 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:22 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[01-Oct-2015 04:47:22 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:24 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:24 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:24 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:24 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 04:47:24 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 23:10:23 UTC] PHP Warning: in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[01-Oct-2015 23:11:15 UTC] PHP Warning: in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[02-Oct-2015 08:59:42 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:42 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:42 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 09:59:42 Europe/London] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 09:59:42 Europe/London] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:44 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:45 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:45 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:45 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:45 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 08:59:46 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:52 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:52 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:52 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 04:51:46 UTC] PHP Warning: require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Warning: require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Fatal error: require(): Failed opening required 'ABSPATHwp-includes/load.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 08:09:48 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:48 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:48 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 09:09:49 Europe/London] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 09:09:49 Europe/London] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:52 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:52 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:52 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 08:09:55 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:57 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:57 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:57 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:57 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:57 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
As you can see there, they all seem to occur in groups. Just look at 30 September: it happens tons of times all within 1 minute and then doesn't happen for the rest of the day…
It throws the session issue for customplugin, Simple Press forums (I think), and Wishlist Coupon 2.0.
My customplugin code has:

    if (!session_id()) {
        session_start();
    }

I tried option 2 below but it didn't help / fix the problem.
A snippet from the other WordPress plugin that causes some of the errors:

    class WishListCoupon20 extends WishListPlugin {
        public function __construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm) {
            parent::__construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm);
            session_start();
            // ... (the excerpt ends here)
        }
    }

The other Stack Overflow post has a few usage variations, but I'm not sure which one is correct, since the post is 5+ years old and you would expect a bug to have been fixed by then.

    try {
        session_start();
    } catch(ErrorExpression $e) {
        session_regenerate_id();
        session_start();
    }

    function my_session_start() {
        $sn = session_name();
        if (isset($_COOKIE[$sn])) {
            $sessid = $_COOKIE[$sn];
        } else if (isset($_GET[$sn])) {
            $sessid = $_GET[$sn];
        } else {
            return session_start();
        }
        if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
            return false;
        }
        return session_start();
    }

    if ( !my_session_start() ) {
        session_id( uniqid() );
        session_start();
        session_regenerate_id();
    }

    $ok = @session_start();
    if(!$ok){
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }

@Ryflex, I ran some tests on my server and concluded the following:
The problem:
session_start() relies on $_COOKIE[session_name()], so if you change the cookie value to something like #$#$FDSFSR#"#"$"#$" or simply empty it (without deleting the cookie) and refresh a page with your code:

    if (!session_id()) {
        session_start();
    }

The following warning is generated:
PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/username/public_html/session_start.php on line 7
This happens because PHP checks whether session_id() exists and, in fact, it does exist, but it contains illegal characters that are not allowed in a session_id.
A valid session id may contain only digits, letters A to Z (both upper and lower case), commas and hyphens ([-,a-zA-Z0-9]), and must be between 1 and 128 characters long.
My solution:
Check whether $_COOKIE[session_name()] is set and contains a valid session_id before calling session_start(); otherwise, delete the session cookie and only then call session_start(), something like:
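
    function safeSession() {
        if (isset($_COOKIE[session_name()]) AND preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
            // The cookie holds a well-formed session id: start normally.
            session_start();
        } elseif (isset($_COOKIE[session_name()])) {
            // The cookie is present but malformed: drop it before starting.
            unset($_COOKIE[session_name()]);
            session_start();
        } else {
            // No session cookie was sent: start a fresh session.
            session_start();
        }
    }

Start the session:

    safeSession();
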
NOTES:
1 – session_name is set in your php.ini as session.name = SOMETHING (PHPSESSID by default), so you can look for a cookie matching session.name. You can use the session_name() function to retrieve it.
2 – Session cookie manipulation can be used by hackers to retrieve information from your server (username and path) if ini_set('display_errors', 1); is set.
3 – session_regenerate_id(true) works but, because it checks the session_id before assigning a new one, it generates warnings.
4 – I tested the code with several invalid session names and no errors or warnings were generated, with everything working as expected.
References:
session.c source code
My bet would be that you were being attacked at that moment. That means someone manipulated your session cookie, for example.
Since session_start(); is a system function, I don't think it would generate invalid IDs.
In my opinion, option 2 is the best. But if I remember correctly, you need to define a custom error handler for that.
This answer seems better to me:

    $ok = @session_start();
    if(!$ok){
        //Hello Hacker ;)
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }

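To check the clustering the question describes, the following added example (not code from the original posts) groups the "illegal characters" warnings of a PHP error log into bursts after normalizing the mixed UTC and Europe/London timestamps. The sample log lines and file paths are constructed, and the fixed UTC+1 offset for Europe/London is an assumption that only holds for the dates shown (British Summer Time).

```python
import re
from datetime import datetime, timedelta

# "[30-Sep-2015 10:12:37 UTC] message" as written by PHP's error_log.
LINE_RE = re.compile(r"^\[(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) ([^\]]+)\] (.*)$")
BAD_ID_RE = re.compile(r"session id is too long or contains illegal characters")

# Assumption: fixed offsets, valid only for late Sep / early Oct 2015 (BST = UTC+1).
TZ_OFFSET_HOURS = {"UTC": 0, "Europe/London": 1}

# Constructed sample in the format of the log quoted in the question.
BAD_ID = ("PHP Warning: session_start(): The session id is too long or contains "
          "illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in "
          "/home/ACCOUNT/public_html/plugin-a.php on line 27")
EMPTY_ID = ("PHP Warning: session_start(): Cannot start session with empty "
            "session ID in /home/ACCOUNT/public_html/plugin-b.php on line 21")
SAMPLE_LOG = "\n".join([
    f"[30-Sep-2015 10:12:37 UTC] {BAD_ID}",
    f"[30-Sep-2015 10:12:37 UTC] {EMPTY_ID}",
    f"[30-Sep-2015 11:12:50 Europe/London] {BAD_ID}",
    f"[30-Sep-2015 10:13:04 UTC] {BAD_ID}",
    "[01-Oct-2015 23:10:23 UTC] PHP Warning: in_array() expects parameter 2 "
    "to be array, null given in /home/ACCOUNT/public_html/plugin-b.php on line 492",
    f"[02-Oct-2015 08:59:42 UTC] {BAD_ID}",
    f"[02-Oct-2015 09:59:44 Europe/London] {BAD_ID}",
])


def parse_bad_id_events(text):
    """Return sorted UTC timestamps of every rejected-session-id warning."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not BAD_ID_RE.search(m.group(3)):
            continue  # unrelated entry or continuation line
        stamp, zone, _ = m.groups()
        if zone not in TZ_OFFSET_HOURS:
            raise ValueError(f"no offset configured for time zone {zone!r}")
        local = datetime.strptime(stamp, "%d-%b-%Y %H:%M:%S")
        events.append(local - timedelta(hours=TZ_OFFSET_HOURS[zone]))
    return sorted(events)


def cluster_bursts(events, max_gap=timedelta(seconds=60)):
    """Group timestamps so that neighbours in a burst are at most max_gap apart."""
    bursts = []
    for ts in events:
        if bursts and ts - bursts[-1][-1] <= max_gap:
            bursts[-1].append(ts)
        else:
            bursts.append([ts])
    return [{"start": b[0], "end": b[-1], "count": len(b)} for b in bursts]


if __name__ == "__main__":
    for burst in cluster_bursts(parse_bad_id_events(SAMPLE_LOG)):
        print(f"{burst['start']} .. {burst['end']} UTC: {burst['count']} warnings")
```

Each burst window can then be matched against the web server's access log for the same interval to see which client sent the malformed session cookie.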