You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Session#name will contain name as specified. However, cookie will be saved into attribute bag as "name_with_dots", so Symfony won't ever find corresponding session. This is apparently normal for global vars in PHP.
This is similar to #9009 and #6908. However, in this case it should be normalized/disallowed on Config level, otherwise it's not obvious why sessions don't work.
The text was updated successfully, but these errors were encountered:
This PR was merged into the 2.7 branch.
Discussion
----------
Disallow invalid characters in session.name
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27023
| License | MIT
| Doc PR |
PHP saves cookie with correct name, but upon deserialization to
`$_COOKIE`, it replaces "." characters with "_".
This is probably also reason why \SessionHandler is not able to find
a session.
https://harrybailey.com/2009/04/dots-arent-allowed-in-php-cookie-names/https://bugs.php.net/bug.php?id=75883
Commits
-------
16ebb43 Disallow illegal characters like "." in session.name
Session#name will contain name as specified. However, cookie will be saved into attribute bag as "name_with_dots", so Symfony won't ever find corresponding session. This is apparently normal for global vars in PHP.
This is similar to #9009 and #6908. However, in this case it should be normalized/disallowed on Config level, otherwise it's not obvious why sessions don't work.
The text was updated successfully, but these errors were encountered: