Hi list,
I saw this interesting bug: https://bugs.php.net/bug.php?id=68063
Basically, if session_id('') is run before session_start(), weird
things happen.
The bug reporter proposes 2 ways to fix this:
-
session_start()should silently fix the situation - or
session_start()should noisely fail
Both solutions look fine to me, but I'm not sure what PHP should do. Should
it be resilient and silently fix the situation?
Regards,
Florian Margaine
Hi list,
I saw this interesting bug: https://bugs.php.net/bug.php?id=68063
Basically, if
session_id('')is run beforesession_start(), weird
things happen.The bug reporter proposes 2 ways to fix this:
session_start()should silently fix the situation
I would opt for this, if an invalid session id is given a warning should be emitted and a new id generated.
- or
session_start()should noisely failBoth solutions look fine to me, but I'm not sure what PHP should do. Should
it be resilient and silently fix the situation?Regards,
Florian Margaine
Hi,
On Sun, Sep 21, 2014 at 3:12 AM, Tjerk Meesters
tjerk.meesters@gmail.com wrote:
Hi list,
I saw this interesting bug: https://bugs.php.net/bug.php?id=68063
Basically, if
session_id('')is run beforesession_start(), weird
things happen.The bug reporter proposes 2 ways to fix this:
session_start()should silently fix the situationI would opt for this, if an invalid session id is given a warning should be emitted and a new id generated.
- or
session_start()should noisely failBoth solutions look fine to me, but I'm not sure what PHP should do. Should
it be resilient and silently fix the situation?Regards,
Florian Margaine
A warning triggered by a session_id() might make sense, but not if it
is the cookie that's invalid.
Cheers,
Andrey.