有关非法字符,空会话ID和会话失败的session_start()问题 [英] session_start() issues regarding illegal characters, empty session ID and failed session
问题描述
所以,我意识到这是一个重复的问题,但是,它虽然是一个错误,但最初的帖子已经发布了5年之久,但也有人说这是一次恶意攻击... 会话ID太长或包含非法字符,有效字符是az,AZ,0-9和'-'
So, I realise this is a repeat question however, it is apprently a bug yet the original post for this is 5 years old but it's also said that it's a malicious attack... The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
处理此问题的最新的正确方法是什么?
What is the latest, correct way of dealing with this issue?
我的错误日志显示:
[2015年9月30日10:12:37 UTC] PHP警告:session_start():会话ID太长或包含非法字符,有效字符为az,AZ,0-9和-"/home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php,第27行
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[2015年9月30日10:12:37 UTC] PHP警告:session_start():无法使用以下位置的/home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php中的空会话ID启动会话第21行
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 21
[2015年9月30日10:12:37 UTC] PHP警告:session_start():无法使用以下位置的/home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php中的空会话ID启动会话377行
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 377
[2015年9月30日10:12:37 UTC] PHP警告:session_start():无法使用以下位置的/home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php中的空会话ID启动会话718行
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 718
[2015年9月30日10:12:50 UTC] PHP警告:未知:会话ID太长或包含非法字符,有效字符为未知"中的az,AZ,0-9和-"第0行
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[2015年9月30日10:12:50 UTC] PHP警告:未知:无法写入会话数据(文件).请在第0行的未知"中验证session.save_path的当前设置正确(/tmp)
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
我的完整日志:
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:37 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 11:12:37 Europe/London] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 11:12:37 Europe/London] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:49 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:51 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:12:51 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:53 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:53 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:53 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:53 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:53 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:13:04 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:13:04 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:21 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 05:47:22 Europe/London] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 05:47:22 Europe/London] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 04:47:22 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:22 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[01-Oct-2015 04:47:22 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:24 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:24 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:24 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:24 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 04:47:24 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 23:10:23 UTC] PHP Warning: in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[01-Oct-2015 23:11:15 UTC] PHP Warning: in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492[02-Oct-2015 08:59:42 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:42 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:42 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 09:59:42 Europe/London] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 09:59:42 Europe/London] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:44 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:45 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:45 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:45 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:45 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:46 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 08:59:46 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:52 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:52 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:52 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 04:51:46 UTC] PHP Warning: require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Warning: require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Fatal error: require(): Failed opening required 'ABSPATHwp-includes/load.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 08:09:48 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:48 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:48 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 09:09:49 Europe/London] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 09:09:49 Europe/London] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:52 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:52 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:52 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:52 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:55 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 08:09:55 UTC] PHP Fatal error: Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:57 UTC] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:57 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:57 UTC] PHP Warning: session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:57 UTC] PHP Warning: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:57 UTC] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
正如您所看到的,它们似乎都是成组发生的,只需看9月30日,它就会在1分钟内全部发生很多次,而在一天的其余时间中不会发生...
As you can see there they all seem to happen in groups just look at 30th of september it happens loads of times all within 1 min then doesn't happen the rest of the day...
这引发了针对customplugin,简单的新闻论坛(我认为)和Wishlist Coupon 2.0的sessionid问题
It's throwing the sessionid issue up for customplugin, simple press forums (I think), and Wishlist Coupon 2.0
我的自定义插件代码具有:
My customplugin code has:
if(!session_id()) {
session_start();
}
我从下面尝试了选项2,但是它没有帮助/解决问题.
另一个导致某些错误的WordPress插件的片段:
A snippet of the other WordPress plugin that is causing the some of the error(s):
class WishListCoupon20 extends WishListPlugin {
public function __construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm) {
parent::__construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm);
session_start();
另一个堆栈溢出帖子具有解决该问题的一些变体,但是我不确定什么是正确的,因为该帖子已有5年以上的历史了,您可能希望在那时修复一个错误.
The other stack overflow post has a few variations of working around the issue but I am not sure what is correct because the post is 5+ years old and you would expect a bug to have been fixed in that time.
<?php
function my_session_start()
{
if (ini_get('session.use_cookies') && isset($_COOKIE['PHPSESSID'])) {
$sessid = $_COOKIE['PHPSESSID'];
} elseif (!ini_get('session.use_only_cookies') && isset($_GET['PHPSESSID'])) {
$sessid = $_GET['PHPSESSID'];
} else {
session_start();
return false;
}
if (!preg_match('/^[a-z0-9]{32}$/', $sessid)) {
return false;
}
session_start();
return true;
}
?>
选项2感谢danjfoley:
try {
session_start();
} catch(ErrorExpression $e) {
session_regenerate_id();
session_start();
}
选项3感谢Cendak(使用Andron先前的解决方案)
function my_session_start()
{
$sn = session_name();
if (isset($_COOKIE[$sn])) {
$sessid = $_COOKIE[$sn];
} else if (isset($_GET[$sn])) {
$sessid = $_GET[$sn];
} else {
return session_start();
}
if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
return false;
}
return session_start();
}
if ( !my_session_start() ) {
session_id( uniqid() );
session_start();
session_regenerate_id();
}
选项4感谢Andron:
<?php
function my_session_start()
{
$sn = session_name();
if (isset($_COOKIE[$sn])) {
$sessid = $_COOKIE[$sn];
} else if (isset($_GET[$sn])) {
$sessid = $_GET[$sn];
} else {
session_start();
return false;
}
if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
return false;
}
session_start();
return true;
}
?>
选择5,感谢alpere:
$ok = @session_start();
if(!$ok){
session_regenerate_id(true); // replace the Session ID
session_start();
}
或者...有更好的方法.
推荐答案
@Ryflex,我已经在服务器上进行了一些测试,并得出以下结论:
@Ryflex, I've done a couple of tests on my server and concluded the following:
问题:
session_start()
依赖于$_COOKIE[session_name()]
,因此,如果您将cookie值编辑为#$#$FDSFSR#"#"$"#$"
之类的东西,或者只是将其清空(不删除cookie),然后使用您的代码刷新页面:
session_start()
relies on $_COOKIE[session_name()]
, so, if you edit the cookie value to something like #$#$FDSFSR#"#"$"#$"
or simply empty it (not delete the cookie) and refresh a page with your code:
if (!session_id()) {
session_start();
}
会生成以下警告:
PHP警告:session_start():会话ID太长或包含 非法字符,有效字符为a-z,A-Z,0-9和'-' /home/username/public_html/session_start.php,第7行
PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/username/public_html/session_start.php on line 7
之所以会发生这种情况,是因为php
正在检查session_id()
是否存在,实际上是否存在,但是包含不允许作为session_id
名称的非法字符.
This happens because php
is checking if session_id()
exists and, in fact, it exists, but contains illegal characters not allowed as session_id
name.
有效的session id
只能包含个数字,字母之间的字母A到Z(大写和小写),逗号和破折号([-,a-zA-Z0-9]
). > 1 和 128 个字符.
A valid session id
may contain only digits, letters A to Z (both upper and lower case), comma and dash ([-,a-zA-Z0-9]
) between 1 and 128 characters.
我的解决方案:
检查是否已设置$_COOKIE[session_name()]
并在session_start()
之前包含有效的session_id
,否则,请删除会话cookie,然后再删除session_start()
,例如:
Check if $_COOKIE[session_name()]
is set and contains a valid session_id
prior to session_start()
, otherwise, delete the session cookie and only then session_start()
, something like:
function safeSession() {
if (isset($_COOKIE[session_name()]) AND preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
session_start();
} elseif (isset($_COOKIE[session_name()])) {
unset($_COOKIE[session_name()]);
session_start();
} else {
session_start();
}
}
开始会话:
safeSession();
注释:
1-session_name
在php.ini
上定义为session.name = SOMETHING
(默认为PHPSESSID
),因此,您可能正在寻找与session.name
匹配的cookie.您可以使用session_name()
函数进行检索.
1 - session_name
is defined on your php.ini
as session.name = SOMETHING
(default is PHPSESSID
), so, you may be looking for a cookie matching session.name
. You can use the session_name()
function to retrieve it.
2-如果设置了ini_set('display_errors', 1);
,则黑客可以使用会话cookie操作来从服务器(username
和path
)中转储信息.
2 - Session cookie manipulation can be used by hackers to dump information from your server (username
and path
) if ini_set('display_errors', 1);
is set.
3-session_regenerate_id(true)
可以工作,但是由于它会在分配新的session_id
之前检查当前的session_id
,因此会生成警告.
3 - session_regenerate_id(true)
works but, because it checks the current session_id
prior to assign a new one, generates warnings.
4-我用几个无效的会话名称测试了代码,没有错误或警告生成,一切正常.
4 - I've tested the code with several invalid session names and no errors or warnings were generated, everything worked and intended.
参考:
这篇关于有关非法字符,空会话ID和会话失败的session_start()问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!