symfony
diff --git a/‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+7Lines changed: 7 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+7Lines changed: 7 additions & 0 deletions
@@ -152,6 +152,13 @@ public function start()
             throw new \RuntimeException(sprintf('Failed to start the session because headers have already been sent by "%s" at line %d.', $file, $line));
         }
 
+        $sessionName = session_name();
+        $sessionId = $_COOKIE[$sessionName] ?? null;
+        // validate according to https://www.php.net/manual/fr/function.session-start.php
+        if ($sessionId && !preg_match('/^[a-zA-Z0-9,\-]{1,123}$/', $sessionId)) {
+            unset($_COOKIE[$sessionName]);
+        }
+
         // ok to try and start the session
         if (!session_start()) {
             throw new \RuntimeException('Failed to start the session.');