ID: 32966 Updated by: [EMAIL PROTECTED] Reported By: m dot cave-ayland at webbased dot co dot uk -Status: Open +Status: Bogus Bug Type: Session related Operating System: Linux 2.4 PHP Version: 4.3.11 New Comment:
Please do not submit the same bug more than once. An existing bug report already describes this very problem. Even if you feel that your issue is somewhat different, the resolution is likely to be the same. Thank you for your interest in PHP. See bug #32111 Previous Comments: ------------------------------------------------------------------------ [2005-05-06 17:52:42] m dot cave-ayland at webbased dot co dot uk Description: ------------ I have found a problem with using sessions and cookies under PHP 4.3.3, however I have done a brief check using the CVS web interface and I believe the problem may still be present in the latest 4.3.11. A test with PHP 5.0 showed the problem did not exist there. I was using a buggy client that was accidently sending two "Cookie:" strings containing the PHP session ID to the webserver (Apache 2.0.47) during a form POST to upload a file, and found that PHP was erroring out with the error "The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9". The error disappeared when the Cookie line was sent once as expected. Digging into the code shows that cookie values retrieved from the SAPI manager were being separated by a comma, whereas the PHP code was looking for a semi-colon and null as separator values. My fix was to add a comma to the list of separators at the equivalent of line 293 of /main/php_variables.c in PHP 4.3.11, however this is my first look at the PHP source and so there may be a better fix or this may not be correct. Many thanks, Mark. Reproduce code: --------------- Using a raw telnet session to an Apache WebServer running PHP: GET / HTTP/1.0 Host: myhost.somewhere.com Cookie: PHPSESSID=6664337de02c5bad6c175e0bb3c10a45 Cookie: PHPSESSID=6664337de02c5bad6c175e0bb3c10a45 Cookie: ANOTHER=randomvalue Expected result: ---------------- No error. Actual result: -------------- session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=32966&edit=1
