Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
I noticed this in my PHP error log:
开发者_开发百科Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'
I don't know what's wrong. The session names are called PHPSESSID (default). and have values like: f11m9p7r18pau9s7j9dsk8f1h6
.
I am baffled, I don't know what it is trying to tell me, sessions are handled by PHP. I am on shared hosting, but have my sessions stored outside document root so nobody can access them.
Don't mind, somebody could simply manipulate the URL like:
http://domain.org/?PHPSESSID=this~won't_work
PHP will see the PHPSESSID-parameter and tries to restore the session using the value(what will fail)
If you like to avoid these errors, use the @-operator on session_start()
精彩评论