symfony
diff --git a/‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+6Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+6Lines changed: 6 additions & 0 deletions
@@ -152,6 +152,12 @@ public function start()
             throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
         }
 
+        $sessionId = $_COOKIE[session_name()] ?? null;
+        if ($sessionId && !preg_match('/^[a-zA-Z0-9,-]{22,}$/', $sessionId)) {
+            // the session ID in the header is invalid, create a new one
+            session_id(session_create_id());
+        }
+
         // ok to try and start the session
         if (!session_start()) {
             throw new \RuntimeException('Failed to start the session.');