Fix uses of session_start($_GET['id'])

[MasterOdin]

session_start pre 7.0 didn't accept any parameters and post 7.0 accepts an array to override session INI directives. It looks like the code is trying to set the session ID to use if psased one via the $_GET superglobal ($_GET['session_id']), which you'd accomplish via the session_id function instead which does accept a parameter that allows you to set an ID to use (so long as you call it before session_start).

You would therefore most likely want to change all instances of:

session_start($_GET['session_id']);

to be:

session_id($_GET['session_id']);
session_start();

The same thing applies for the places that use the $_POST superglobal as well.

[lramos15]

My only worry with this is that currently the session_start(); is just being ignored because its throwing a warning and its just proceeding, so currently the code doesn't do what is expected and I'm afraid changing it to be syntactically correct will drastically change how the sessions start to get handle in PHP and mess something up. We use PHP sessions to verify every single user interaction with the server so messing them up would effectively break the site. I am aware that it is syntactically incorrect and some of our new session code follows the session_id($_GET['session_id'); format.

[MasterOdin]

Well you could rip out all instances of session_id and maintain current functionality since the parameter is totally ignored at the moment anyway, and therefore it's sort of pointless to be passing it around.