Question

我正在尝试处理无效的会话ID，但php一直向我发送此错误：

<b>Warning</b>:  session_start() [<a href='function.session-start'>function.session-start</a>]: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>/home3/mn0198/razorphyn/products/support/index.php</b> on line <b>21</b><br />

这是我的代码：

ob_start();
ini_set('session.auto_start', '0');
ini_set('session.save_path', 'php/config/session');
ini_set('session.hash_function', 'sha512');
ini_set('session.gc_maxlifetime', '1800');
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '512');
ini_set('session.gc_probability', '20');
ini_set('session.gc_divisor', '100');
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
    ini_set('session.cookie_secure', '1');
}
if(isset($_COOKIE['RazorphynSupport']) && !empty($_COOKIE['RazorphynSupport']) && !preg_match('/^[a-z0-9]{26,40}$/',$_COOKIE['RazorphynSupport'])){
    setcookie('RazorphynSupport','',time()-3600);
}
session_name("RazorphynSupport");
session_start(); 
ob_end_flush();

怎么了？

Answer 1

更改

setcookie('RazorphynSupport','',time()-3600);

与

unset($_COOKIE['RazorphynSupport']);

通过这种方式，php被迫生成一个新的ID

处理无效的会话ID

1 个答案: