ID: 35076
User updated by: vincent_f40 at hotmail dot com
Reported By: vincent_f40 at hotmail dot com
-Status: Feedback
+Status: Open
Bug Type: Session related
Operating System: Linux RHEL4, 2.6.9-11.ELsmp
PHP Version: 5CVS-2005-11-05 (snap)
New Comment:
Hi Sniper,
Thank you for your reply.
I have no idea what IS passed to the server(what can be passed?). I am
just somehow getting these errors appearing arround 2-3 times a hour.
Nothing more it says...(just as I copy and pasted the error down here)
Also nothing about the session_id... As you can see in the error I copy
and pasted.
We use cookies for the sessions(we do not use session id in the
link)...dont know if there is a way to hack our service in this
way...with some random session_id...but then I should see these errors
appear a lot more I guess...
Any clue ? Do I need to switch to a more verbose error logging...
Thanks,
Vince
Previous Comments:
------------------------------------------------------------------------
[2005-11-05 23:29:55] [EMAIL PROTECTED]
So what IS passed to server when this happens? What is the session id?
Are you sure someone just isn't trying to hack your service with some
random generated ID's and just doesn't know that some chars are not
allowed?
------------------------------------------------------------------------
[2005-11-05 21:58:26] vincent_f40 at hotmail dot com
file: config.inc
<?php
$conf['session_name'] = "somename";
$conf['session_init'] = "session_init.inc";
$conf['domain'] = ".domain.com";
?>
file: session_init.inc
<?php
function a(){
some code
}
session_name($conf['session_name']);
session_start();
if else statements
if (!$_COOKIE['wid']) {
setcookie("wid", $_GET['wid'], time()+(3600 * 24 *365), "/" ,
$conf['domain']);
}
?>
file: index.php
<?php
require_once("config.inc");
require_once($conf['session_init']);
html webpage code
?>
I am not able to reproduce the error. The error just appears sometimes
in the log files...But basicly this is the setup.
Some pages we use frames...but I guess that should not be a problem.
Thanks,
Vince
------------------------------------------------------------------------
[2005-11-05 19:23:23] vincent_f40 at hotmail dot com
Hi Sniper,
Downloaded the latest PHP from your link. Installed it with the option:
--without-pear.
Everything installed Ok.
But the errors keep appearing...any ideas?
Thanks,
Vince
------------------------------------------------------------------------
[2005-11-05 12:42:41] [EMAIL PROTECTED]
Please try using this CVS snapshot:
http://snaps.php.net/php5-latest.tar.gz
For Windows:
http://snaps.php.net/win32/php5-win32-latest.zip
And ignore the PEAR errors. (just add --without-pear to your configure
line)
------------------------------------------------------------------------
[2005-11-05 01:00:13] vincent_f40 at hotmail dot com
Hi Sniper,
Oki...and what about my initial error. The error down here:
Is this then a know issue and will be solved in the latest php release
?
Thu Nov 3 00:49:10 2005] [error] PHP Warning: session_start() [<a
href='function.session-start'>function.session-start</a>]: The session
id contains illegal characters, valid characters are a-z, A-Z, 0-9 and
'-,' in /home/httpd/html/includes/session_init.inc on line 70
[Thu Nov 3 00:49:11 2005] [error] PHP Warning: Unknown: The session
id
contains illegal characters, valid characters are a-z, A-Z, 0-9 and
'-,'
in Unknown on line 0
[Thu Nov 3 00:49:11 2005] [error] PHP Warning: Unknown: Failed to
write session data (files). Please verify that the current setting of
session.save_path is correct () in Unknown on line 0
Thanks,
Vince.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/35076
--
Edit this bug report at http://bugs.php.net/?id=35076&edit=1
