Input sanitize destroys session cookie #148

bitbucket-import opened this Issue Aug 19, 2011 · 0 comments


None yet
1 participant

When I add urlencoded data to my session the Input->_sanitize_globals() destroys the cookie data within the data.

For example, try to store the array bellow into your session data:


'admin' =>
'id' => string '1' (length=1)
'nome' => string 'Ricardo' (length=7)
'sobrenome' => string 'Martins' (length=7)
'email' => string '' (length=27)
'usuario' => string 'martins' (length=7)
'senha' => string 'e99a18c428cb38d5f260853678922e03' (length=32)
'administrador' => string '1' (length=1)
'ultimo_login' => string '2011-05-05 17:07:21' (length=19)
'dt_excluido' => null
'gravatar' => string ''


When it checks for my gravatar data, it will destroy my session cookie and I loose my session.
It happens on the following line:


$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);

of Input.php.

I tried on 2.0.1 and 2.0.2 versions.

@Dentxinho Dentxinho pushed a commit to Dentxinho/CodeIgniter that referenced this issue Sep 28, 2012

@benedmunds benedmunds Merge pull request #148 from Codemonkey1991/2
Added norwegian language file

narfbg closed this in 5ac428b Jan 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment