session_start() issues regarding illegal characters, empty session ID and failed session

Happy的楠姐 2021-02-13 14:53

So, I realise this is a repeat question however, it is apparently a bug yet the original post for this is 5 years old but it's also said that it's a malicious

3 answers
  •  甜味超标
    2021-02-13 15:33

    I like the explanation of Pedro Lobito but the algorithm can be improved:

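    // Discard a session cookie that is not a well-formed session ID.
    // The D modifier stops "$" from matching before a trailing newline.
    if (isset($_COOKIE[session_name()]) && 0 === preg_match('/^[-,a-zA-Z0-9]{1,128}$/D', $_COOKIE[session_name()])) {
        unset($_COOKIE[session_name()]);
    }

    // Start a session only if none is active yet.
    if ('' === session_id()) {
        session_start();
    }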
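
The cookie check from the answer above, wrapped as a reusable function and run over constructed cookie values that cover the empty, illegal-character, over-length, trailing-newline and array cases. This is an added example, not part of the original answer; the function names and sample values are assumptions, and the character set and 128-character limit are taken from the answer's pattern.

```php
<?php
// Added example, not from the original answer; names are hypothetical.

// True only for a string made of the characters the answer's pattern allows.
function is_valid_session_id($value): bool
{
    // A cookie sent as name[]=x arrives as an array, so require a string first.
    // \A and \z anchor the whole value; unlike "$", \z does not match
    // before a trailing newline.
    return is_string($value)
        && 1 === preg_match('/\A[-,a-zA-Z0-9]{1,128}\z/', $value);
}

// Drops an unusable session cookie, as the answer does, then starts the
// session if none is active. Call it before any output is sent.
function start_session_safely(): bool
{
    $name = session_name();
    if (isset($_COOKIE[$name]) && !is_valid_session_id($_COOKIE[$name])) {
        unset($_COOKIE[$name]);
    }
    return PHP_SESSION_ACTIVE === session_status() || session_start();
}

// Constructed sample cookie values (not taken from the page).
$samples = [
    'typical id'       => 'q3k9v0a1b2c3d4e5f6g7h8i9j0',
    'comma and dash'   => 'Ab-12,cd-34',
    'empty string'     => '',
    'illegal chars'    => 'abc.def;ghi',
    'over 128 chars'   => str_repeat('a', 129),
    'trailing newline' => "abc123\n",
    'array value'      => ['abc123'],
];

foreach ($samples as $label => $value) {
    printf(
        "%-17s %-9s %s\n",
        $label,
        is_valid_session_id($value) ? 'accepted' : 'rejected',
        json_encode($value)
    );
}
```

Only the first two samples are accepted; logging the rejected values server-side shows whether malformed session cookies come from a broken client or from probing.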
    
