
session_start() issues regarding illegal characters, empty session ID and failed session


So, I realise this is a duplicate question; however, this is obviously a bug, but the original post is 5 years old, and there are also people saying it is a malicious attack... The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'

What is the latest, correct way to handle this?

My error log shows:

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 21

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 377

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 718

[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0

[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

My full log:

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 11:12:37 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 11:12:37 Europe/London] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:49 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:51 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:12:51 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:53 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:53 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:53 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:53 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:53 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:13:04 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 05:47:22 Europe/London] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 05:47:22 Europe/London] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 04:47:22 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:22 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[01-Oct-2015 04:47:22 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:24 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:24 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:24 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:24 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 04:47:24 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 23:10:23 UTC] PHP Warning:  in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[01-Oct-2015 23:11:15 UTC] PHP Warning:  in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[02-Oct-2015 08:59:42 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:42 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:42 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 09:59:42 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 09:59:42 Europe/London] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:44 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:45 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:45 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:45 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:45 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 08:59:46 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:52 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:52 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:52 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 04:51:46 UTC] PHP Warning:  require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Warning:  require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Fatal error:  require(): Failed opening required 'ABSPATHwp-includes/load.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 08:09:48 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:48 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:48 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 09:09:49 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 09:09:49 Europe/London] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:52 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:52 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:52 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 08:09:55 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:57 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:57 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:57 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:57 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:57 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

As you can see there, they all seem to happen in groups; look at 30 Sep, it happens many times within 1 minute and then not for the rest of the day...

It throws the sessionid issue for customplugin, the Simple Press forum (I think) and Wishlist Coupon 2.0.

My custom plugin code has:

if(!session_id()) {
    session_start();
}

I have tried option 2 below, but it did not help/fix the problem.

Snippet from the other WordPress plugin that is causing some of the errors:

class WishListCoupon20 extends WishListPlugin {
    public function __construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm) {
        parent::__construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm);

        session_start();
        // ... rest of the constructor and class not shown in the question
    }
}

Another Stack Overflow post has some variants of solutions to the problem, but I am not sure which is correct, as that post is 5+ years old and you would hope a bug had been fixed in that time.

Option 1, thanks to Sergey Eremin:

<?php
    function my_session_start()
    {
        if (ini_get('session.use_cookies') && isset($_COOKIE['PHPSESSID'])) {
            $sessid = $_COOKIE['PHPSESSID'];
        } elseif (!ini_get('session.use_only_cookies') && isset($_GET['PHPSESSID'])) {
            $sessid = $_GET['PHPSESSID'];
        } else {
            session_start();
            return false;
        }

        if (!preg_match('/^[a-z0-9]{32}$/', $sessid)) {
            return false;
        }
        session_start();

        return true;
    }
?>

Option 2, thanks to danjfoley:

// A warning from session_start() only becomes catchable if an error handler
// has been installed that converts PHP warnings into ErrorException objects.
set_error_handler(function ($severity, $message, $file, $line) {
    throw new ErrorException($message, 0, $severity, $file, $line);
});

try {
    session_start();
} catch (ErrorException $e) {   // the original post had the non-existent class "ErrorExpression"
    session_regenerate_id();
    session_start();
}

Option 3, thanks to Cendak (using Andron's earlier solution):

function my_session_start()
{
    $sn = session_name();
    if (isset($_COOKIE[$sn])) {
        $sessid = $_COOKIE[$sn];
    } else if (isset($_GET[$sn])) {
        $sessid = $_GET[$sn];
    } else {
        return session_start();
    }

    if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
        return false;
    }
    return session_start();
}

if ( !my_session_start() ) {
    session_id( uniqid() );
    session_start();
    session_regenerate_id();
}

Option 4, thanks to Andron:

<?php
    function my_session_start()
    {
        $sn = session_name();
        if (isset($_COOKIE[$sn])) {
            $sessid = $_COOKIE[$sn];
        } else if (isset($_GET[$sn])) {
            $sessid = $_GET[$sn];
        } else {
            session_start();
            return false;
        }

        if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
            return false;
        }
        session_start();

        return true;
    }
?>

Option 5, thanks to alpere:

$ok = @session_start();
if (!$ok) {
    session_regenerate_id(true); // replace the Session ID
    session_start();
}

Or, is there an even better way?
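The asker's observation that the warnings arrive in clusters ("many times within 1 minute, then nothing for the rest of the day") is itself a detection signal worth automating. The script below is an added example, not code from the question or any answer: it parses error_log lines of the shape shown above, brings the mixed UTC and Europe/London timestamps onto one clock (the +60 minute Europe/London offset is an assumption that holds for the BST dates in this log), and reports runs of session-ID warnings spaced less than a minute apart, together with the files that raised them. The sample log is constructed, abridged from the one in the question.

```python
import re
from datetime import datetime, timedelta, timezone

# Line shape: "[30-Sep-2015 10:12:37 UTC] PHP Warning:  <message> in <file> on line <n>"
LINE_RE = re.compile(r"^\[(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) (?P<zone>\S+)\] "
                     r"PHP (?P<level>Warning|Notice|Fatal error):\s+(?P<msg>.*)$")
LOCATION_RE = re.compile(r" in (?P<file>\S+) on line (?P<line>\d+)$")

# Substrings PHP's session module emits for the three failure modes in the question.
KINDS = (("illegal_session_id", "contains illegal characters"),
         ("empty_session_id", "Cannot start session with empty session ID"),
         ("session_write_failed", "Failed to write session data"))

# Assumed zone label -> minutes east of UTC (Europe/London was on BST, UTC+1, on these dates).
DEFAULT_OFFSETS = {"UTC": 0, "Europe/London": 60}


def classify(msg):
    return next((kind for kind, needle in KINDS if needle in msg), "other")


def parse_line(line, offsets=DEFAULT_OFFSETS):
    """One error_log line -> event dict with a UTC timestamp, or None if it does not parse."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m["zone"] not in offsets:
        return None
    local = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
    loc = LOCATION_RE.search(m["msg"])
    return {"ts": (local - timedelta(minutes=offsets[m["zone"]])).replace(tzinfo=timezone.utc),
            "level": m["level"], "kind": classify(m["msg"]),
            "site": f"{loc['file']}:{loc['line']}" if loc else "?"}


def find_bursts(lines, window_seconds=60, min_events=3, offsets=DEFAULT_OFFSETS):
    """Return (bursts, unparsed): runs of session warnings spaced <= window_seconds apart."""
    events, unparsed = [], 0
    for raw in filter(str.strip, lines):
        ev = parse_line(raw, offsets)
        if ev is None:
            unparsed += 1
        elif ev["kind"] != "other":
            events.append(ev)
    events.sort(key=lambda e: e["ts"])

    bursts, run, gap = [], [], timedelta(seconds=window_seconds)
    for ev in events + [None]:  # trailing None flushes the final run
        if run and (ev is None or ev["ts"] - run[-1]["ts"] > gap):
            if len(run) >= min_events:
                bursts.append({"start": run[0]["ts"], "end": run[-1]["ts"], "count": len(run),
                               "kinds": sorted({e["kind"] for e in run}),
                               "sites": sorted({e["site"] for e in run})})
            run = []
        if ev is not None:
            run.append(ev)
    return bursts, unparsed


# Constructed sample modelled on the question's log (abridged, not copied verbatim).
SAMPLE_LOG = """\
[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 11:12:37 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
PHP Warning:  a stray line without a timestamp, kept to exercise the unparsed counter
"""

if __name__ == "__main__":
    found, skipped = find_bursts(SAMPLE_LOG.splitlines())
    for b in found:
        print(f"{b['start']:%d-%b-%Y %H:%M:%S}Z..{b['end']:%H:%M:%S}Z {b['count']} events {b['kinds']}")
```

Run it against the real error_log with `find_bursts(open(path))`; the lone 01-Oct entry in the sample is dropped by the default `min_events=3`, which is the knob that separates a stray bad cookie from a burst.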

Problem:

session_start() relies on $_COOKIE[session_name()], so if you edit the cookie value to something like #$#$FDSFSR#"#"$"#$" or just empty it (without deleting the cookie) and refresh the page containing your code:

if (!session_id()) {
    session_start();
}

the following warning is generated:

PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/username/public_html/session_start.php on line 7

This happens because php is checking that session_id() exists and, in fact, it does exist, but it contains illegal characters that are not allowed in a session_id name.

A valid session id can contain digits, letters A to Z (upper and lower case), commas and dashes ( [-,a-zA-Z0-9] ), between 1 and 128 characters.


My solution:

Check whether $_COOKIE[session_name()] is set and contains a valid session_id before session_start(); otherwise, delete the session cookie and only then session_start(), e.g.:

function safeSession() {
    if (isset($_COOKIE[session_name()]) AND preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
        session_start();
    } elseif (isset($_COOKIE[session_name()])) {
        unset($_COOKIE[session_name()]);
        session_start(); 
    } else {
        session_start(); 
    }
}

Start the session:

safeSession();

Notes:

1 - session_name is defined in your php.ini as session.name = SOMETHING (default is PHPSESSID), therefore you may be looking for a cookie matching session.name. You can use the session_name() function to retrieve it.

2 - If ini_set('display_errors', 1); is set, a hacker can use session cookie manipulation to dump information from your server (username, path).

3 - session_regenerate_id(true) works, however, because it checks the current session_id before assigning a new session_id, a warning is generated.

4 - I tested the code with several invalid session names and no error or warning was generated; everything works fine.


Reference:

session.c source code

I bet you are under attack at this point. It means, e.g., that someone manipulated your session cookie.

Since session_start(); is a system function, I do not think it would generate an invalid ID.

In my opinion, option 2 is the best. But if I remember correctly, you need to set a custom error handler for that.

This answer seems better to me:

$ok = @session_start();
if(!$ok){
    //Hello Hacker ;)
    session_regenerate_id(true); // replace the Session ID
    session_start();
}

I like Pedro Lobito's explanation, but the algorithm can be improved:

if (isset($_COOKIE[session_name()]) && 0 === preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
    unset($_COOKIE[session_name()]);
}

if ('' === session_id()) {
    session_start();
}
