Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 60154ce

Browse filesBrowse files
peter17peter17
committed
[HttpFoundation] [Session] Overwrite invalid session id.
1 parent ce4a1a9 commit 60154ce
Copy full SHA for 60154ce

File tree

1 file changed

+8
-0
lines changed
Filter options

1 file changed

+8
-0
lines changed

‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+8Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -152,6 +152,14 @@ public function start()
152152
throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
153153
}
154154

155+
$sessionName = session_name();
156+
$sessionId = $_COOKIE[$sessionName] ?? null;
157+
// validate according to https://www.php.net/manual/fr/function.session-start.php
158+
if ($sessionId && !preg_match('/^[a-zA-Z0-9,\-]{1,123}$/', $sessionId)) {
159+
// the session ID in the header is invalid, create a new one
160+
session_id(session_create_id());
161+
}
162+
155163
// ok to try and start the session
156164
if (!session_start()) {
157165
throw new \RuntimeException('Failed to start the session.');

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.