Skip to content

[HttpFoundation] Prevent PHP Warning: Session ID is too long or contains illegal characters #46790

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from Jun 30, 2022
Merged

[HttpFoundation] Prevent PHP Warning: Session ID is too long or contains illegal characters #46790

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a2fbf66
[Messenger] fix test
nicolas-grekas Jun 30, 2022
8487950
[HttpFoundation] Prevent PHP Warning: Session ID is too long or conta…
Jun 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
[HttpFoundation] Prevent PHP Warning: Session ID is too long or conta… 
…ins illegal characters
  • Loading branch information
@nicolas-grekas
BrokenSourceCode authored and nicolas-grekas committed Jun 30, 2022
commit 84879504db8ec960a8f7ef381a9baf4981e4c671
2 changes: 1 addition & 1 deletion src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ public function start()
}

$sessionId = $_COOKIE[session_name()] ?? null;
if ($sessionId && $this->saveHandler instanceof AbstractProxy && 'files' === $this->saveHandler->getSaveHandlerName() && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {
if ($sessionId && $this->saveHandler instanceof AbstractProxy && 'files' === $this->saveHandler->getSaveHandlerName() && !preg_match('/^[a-zA-Z0-9,-]{22,250}$/', $sessionId)) {
// the session ID in the header is invalid, create a new one
session_id(session_create_id());
}
Expand Down
4 changes: 2 additions & 2 deletions src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -302,7 +302,7 @@ public function testRegenerateInvalidSessionIdForNativeFileSessionHandler()
$started = $storage->start();

$this->assertTrue($started);
$this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,}$/', session_id());
$this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,250}$/', session_id());
$storage->save();

$_COOKIE[session_name()] = '&~[';
Expand All @@ -311,7 +311,7 @@ public function testRegenerateInvalidSessionIdForNativeFileSessionHandler()
$started = $storage->start();

$this->assertTrue($started);
$this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,}$/', session_id());
$this->assertMatchesRegularExpression('/^[a-zA-Z0-9,-]{22,250}$/', session_id());
$storage->save();

$_COOKIE[session_name()] = '&~[';
Expand Down
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy