Allow uppercase letters, as well as commas and minus signs in session IDs #77

merged 1 commit into from Apr 29, 2012


None yet

2 participants

drench commented Apr 29, 2012

I am running punbb on the same domain as another application, and I noticed sessions getting clobbered. I realize punbb always sets the hash argument to true when calling random_key(), making the existing regex work, but in my situation, I am deliberately sharing punbb sessions with this other application. The session IDs PHP's file session handler generates can contain uppercase letters, as well as commas and minus signs (see

As a workaround I could write a fn_forum_session_start_start hook to override forum_session_start() but I'd like you to consider loosening the regex as in this patch.

@drench drench Allow uppercase letters, '-' and ',' in session ID
"The , (comma) and - (minus) characters are allowed in the file session handler."
@dimkalinux dimkalinux merged commit a7228f0 into punbb:master Apr 29, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment