session_start() issues regarding illegal characters, empty session ID and failed session

Happy的楠姐 2021-02-13 14:53

So, I realise this is a repeat question; however, it is apparently a bug, yet the original post for this is 5 years old, but it's also said that it's a malicious

3 answers
  •  南旧 (original poster)
    2021-02-13 15:32

    My bet would be, you were under attack at this time. This means someone manipulated your session cookie for example.

    Since session_start(); is a system function, I don't think it would generate invalid ids.

    In my opinion, option 2 is the best. But if I remember correctly, you need to set a custom error handler for this.

    This answer seems better for me:

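    $ok = @session_start(); // @ suppresses the warning raised for an invalid session ID
    if (!$ok) {
       // Hello Hacker ;)
       // session_regenerate_id() needs an active session, so a fresh ID is set directly
       session_id(session_create_id()); // replace the Session ID (PHP 7.1+)
       session_start();
    }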
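
A way to deal with a tampered session cookie before `session_start()` runs, as an added example that is not part of the original question or answers: it checks the cookie against the characters PHP accepts in a session ID, covers the empty-ID case, and turns on strict mode. The function names are hypothetical, and PHP 7.1+ with cookie-based sessions is assumed.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.1+ and cookie-based
// sessions. Function names are hypothetical.

// True when $id is a non-empty string made only of the characters PHP accepts
// in a session ID (a-z, A-Z, 0-9, ',' and '-'). The 256-character cap is an
// assumed upper bound.
function session_id_is_well_formed($id): bool
{
    return is_string($id) && preg_match('/\A[A-Za-z0-9,-]{1,256}\z/', $id) === 1;
}

// Start a session without letting a malformed cookie make session_start() fail.
function start_session_safely(): bool
{
    ini_set('session.use_strict_mode', '1');  // do not adopt IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL

    $name = session_name();
    if (array_key_exists($name, $_COOKIE) && !session_id_is_well_formed($_COOKIE[$name])) {
        // Record the event, but not the raw cookie value (it is client-controlled).
        error_log('Malformed session cookie from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        // An ID set explicitly is used instead of the one in the request cookie.
        session_id(session_create_id());
    }
    return session_start();
}

// Constructed sample cookie values, checked when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    $samples = ['k3v9q2m7c1s8t4h6b0n5d2f7j1', '', 'bad id!', "abc\0def", ['x']];
    foreach ($samples as $s) {
        printf("%-32s %s\n", json_encode($s), session_id_is_well_formed($s) ? 'ok' : 'rejected');
    }
}
```

Call `start_session_safely()` in place of `session_start()`; the malformed-cookie log line gives a signal to alert on when such requests repeat.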
    
