Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Empty sessions full path disclosure #4310

Open
Flo354 opened this Issue · 1 comment

2 participants

@Flo354

When a person empty the "phpsessid", we get a notice error :
Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /path/to/website/vendor/zendframework/zendframework/library/Zend/Session/SessionManager.php on line 95

In order to correct that, in my function onBootstrap, i added the following lines :
if (empty($_COOKIE["PHPSESSID"]))
unset($_COOKIE["PHPSESSID"]);

I am not sure if this is the right way to correct that, but for the moment, the solution works...

@ThaDafinser

@Flo354 is this still a problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.