session_start() issues regarding illegal characters, empty session ID and failed session

Posted 2015-12-30 04:09:39

Question:

So, I realise this is a duplicate question; however, it is apparently a bug, but the original post is 5 years old, and there are also people saying it is a malicious attack...

What is the current correct way to handle this?

My error log shows:

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/ACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 21

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 377

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/ACCOUNT/public_html/wp-content/plugins/cusplugin/cusplugin.php on line 718

[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0

[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

My full log:

[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:37 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 11:12:37 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 11:12:37 Europe/London] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:49 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:50 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:51 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:12:51 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[30-Sep-2015 10:12:53 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:12:53 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:12:53 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:12:53 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[30-Sep-2015 10:12:53 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[30-Sep-2015 10:13:04 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[30-Sep-2015 10:13:04 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:21 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 05:47:22 Europe/London] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 05:47:22 Europe/London] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 04:47:22 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:22 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 718
[01-Oct-2015 04:47:22 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[01-Oct-2015 04:47:24 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[01-Oct-2015 04:47:24 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 377
[01-Oct-2015 04:47:24 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[01-Oct-2015 04:47:24 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[01-Oct-2015 04:47:24 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[01-Oct-2015 23:10:23 UTC] PHP Warning:  in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[01-Oct-2015 23:11:15 UTC] PHP Warning:  in_array() expects parameter 2 to be array, null given in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 492
[02-Oct-2015 08:59:42 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:42 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:42 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 09:59:42 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 09:59:42 Europe/London] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:44 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:45 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:45 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:45 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:45 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:46 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 739
[02-Oct-2015 08:59:46 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[02-Oct-2015 08:59:52 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[02-Oct-2015 08:59:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[02-Oct-2015 08:59:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[02-Oct-2015 08:59:52 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[02-Oct-2015 08:59:52 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 04:51:46 UTC] PHP Warning:  require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Warning:  require(ABSPATHwp-includes/load.php): failed to open stream: No such file or directory in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 04:51:46 UTC] PHP Fatal error:  require(): Failed opening required 'ABSPATHwp-includes/load.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/HOSTINGACCOUNT/public_html/wp-settings.php on line 21
[03-Oct-2015 08:09:48 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:48 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:48 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 09:09:49 Europe/London] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 09:09:49 Europe/London] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:52 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:52 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:52 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:52 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:55 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 727
[03-Oct-2015 08:09:55 UTC] PHP Fatal error:  Call to a member function check_connection() on a non-object in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/simple-press/sp-api/sp-api-wpdb.php on line 439
[03-Oct-2015 08:09:57 UTC] PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/wl-coupon/wishlist-coupon20.php on line 27
[03-Oct-2015 08:09:57 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 385
[03-Oct-2015 08:09:57 UTC] PHP Warning:  session_start(): Cannot start session with empty session ID in /home/HOSTINGACCOUNT/public_html/wp-content/plugins/customplugin/customplugin.php on line 21
[03-Oct-2015 08:09:57 UTC] PHP Warning:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
[03-Oct-2015 08:09:57 UTC] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

As you can see, they all seem to happen in clusters; look at 30 September, it happened many times within 1 minute and then not for the rest of the day...

It throws session id issues for customplugin, the Simple Press forum (I think) and Wishlist Coupon 2.0.

My custom plugin code has:

    if (!session_id()) {
        session_start();
    }

I tried option 2 below but it did not help / fix the problem.

Snippet from another WordPress plugin that is causing some of the errors:

    class WishListCoupon20 extends WishListPlugin {
        public function __construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm) {
            parent::__construct($file, $slug, $sku, $name, $link_name, $prefix, $require_wlm);

            session_start();
            // ...
        }
    }

Another Stack Overflow post has some variations for solving it, but I'm not sure which is correct, since that post is 5+ years old and you would hope a bug would have been fixed in that time.

Option 1, thanks to Sergey Eremin:

    <?php
        function my_session_start()
        {
            if (ini_get('session.use_cookies') && isset($_COOKIE['PHPSESSID'])) {
                $sessid = $_COOKIE['PHPSESSID'];
            } elseif (!ini_get('session.use_only_cookies') && isset($_GET['PHPSESSID'])) {
                $sessid = $_GET['PHPSESSID'];
            } else {
                session_start();
                return false;
            }

            // 32 hex digits: the id format PHP 5 produces with its built-in defaults
            // (session.hash_function = 0, hash_bits_per_character = 4); other
            // settings produce a different length and alphabet.
            if (!preg_match('/^[a-z0-9]{32}$/', $sessid)) {
                return false;
            }
            session_start();

            return true;
        }
    ?>

Option 2, thanks to danjfoley:

    try {
        session_start();
    } catch (ErrorException $e) {   // only reached if an error handler turns warnings into exceptions
        session_regenerate_id();
        session_start();
    }

Option 3, thanks to Cendak (using Andron's earlier solution):

    function my_session_start()
    {
        $sn = session_name();
        if (isset($_COOKIE[$sn])) {
            $sessid = $_COOKIE[$sn];
        } else if (isset($_GET[$sn])) {
            $sessid = $_GET[$sn];
        } else {
            return session_start();
        }

        if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
            return false;
        }
        return session_start();
    }

    if (!my_session_start()) {
        session_id(uniqid());
        session_start();
        session_regenerate_id();
    }

Option 4, thanks to Andron:

    <?php
        function my_session_start()
        {
            $sn = session_name();
            if (isset($_COOKIE[$sn])) {
                $sessid = $_COOKIE[$sn];
            } else if (isset($_GET[$sn])) {
                $sessid = $_GET[$sn];
            } else {
                session_start();
                return false;
            }

            if (!preg_match('/^[a-zA-Z0-9,\-]{22,40}$/', $sessid)) {
                return false;
            }
            session_start();

            return true;
        }
    ?>

Option 5, thanks to alpere:

    $ok = @session_start();
    if (!$ok) {
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }

Or... is there a better way?
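To pin down where these log lines come from, here is an added example that is not part of the question or of any of the plugins named in it: a command-line script that hands session_start() a cookie value of your choosing, so the "illegal characters" and "empty session ID" warnings can be reproduced without a browser. It assumes the default files save handler and a writable session.save_path; the script name, the output format and the sample values are this example's own, and the exact warning text and whether PHP replaces the bad id differ between PHP versions.

```php
<?php
// sid_repro.php: added example, not code from the question or any plugin.
// Reproduces the logged warnings by feeding session_start() a client-controlled
// cookie value, which is exactly what a browser (or a scanner) does when it
// sends a tampered PHPSESSID cookie.
// Assumptions: default "files" save handler, writable session.save_path,
// PHP >= 5.4. Warning text and id replacement vary by version, so the script
// prints what happened instead of asserting it.
//
// Usage:
//   php sid_repro.php 'abc123'             valid id, no warning expected
//   php sid_repro.php '#$#$FDSFSR#"#"$"'   illegal characters, as in the log
//   php sid_repro.php ''                   empty cookie value
//   php sid_repro.php "$(head -c 300 /dev/zero | tr '\0' a)"   too long

$warnings = array();

// Record warnings instead of printing them; returning true marks them handled.
// A try/catch around session_start() (option 2 in the question) only works if
// this handler throws an ErrorException instead of recording, because a PHP
// warning is not an exception on its own.
set_error_handler(function ($errno, $errstr) use (&$warnings) {
    $warnings[] = $errstr;
    return true;
});

$cookieValue = isset($argv[1]) ? $argv[1] : 'abc123';

// session_start() takes the id from $_COOKIE[session_name()]. Filling the
// superglobal by hand in the CLI is equivalent to the browser sending
// "Cookie: PHPSESSID=<value>" on a real request.
$_COOKIE[session_name()] = $cookieValue;

$started = session_start();    // may warn: illegal characters / empty id
$idAfter = session_id();
session_write_close();         // may warn: failed to write session data

restore_error_handler();

printf("cookie value   : %s\n", var_export($cookieValue, true));
printf("session_start(): %s\n", $started ? 'true' : 'false');
printf("session_id()   : %s\n", var_export($idAfter, true));
printf("valid per rule : %s\n",
    preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $cookieValue) ? 'yes' : 'no');
foreach ($warnings as $w) {
    printf("warning        : %s\n", $w);
}
```

Run it once per value. A value the character rule rejects produces the same warning as the log, which confirms the id arrives in the client's cookie and is not something PHP generated. This also shows why option 2 did not help: without a handler that throws, the catch block never runs.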

Comments:

Which PHP version are you using? Are you the administrator of the server?

Answer 1:

The problem:

session_start() relies on $_COOKIE[session_name()], so if you edit the cookie value to something like #$#$FDSFSR#"#"$"#$", or simply empty it (rather than deleting the cookie), and refresh the page with your code:

    if (!session_id()) {
        session_start();
    }

the following warning is generated:

    PHP Warning:  session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/username/public_html/session_start.php on line 7

This happens because PHP checks whether a session id exists, and it actually does exist, but it contains illegal characters that are not allowed in a session id.

A valid session id may contain only digits, letters a to z (upper and lower case), commas and dashes ([-,a-zA-Z0-9]), between 1 and 128 characters.


My solution:

Check whether $_COOKIE[session_name()] is valid and then session_start(); otherwise, delete the session cookie and session_start(), something like:

    function safeSession() {
        if (isset($_COOKIE[session_name()]) AND preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
            session_start();
        } elseif (isset($_COOKIE[session_name()])) {
            unset($_COOKIE[session_name()]);
            session_start();
        } else {
            session_start();
        }
    }

Start the session:

    safeSession();

Notes:

1 - The session name can be changed in your php.ini as session.name = SOMETHING (the default is PHPSESSID), so you may be looking for a cookie matching session.name. You can use the session_name() function to retrieve it.

2 - Hackers can use session cookie manipulation to dump information from your server (username, path) if ini_set('display_errors', 1); is on.

3 - session_regenerate_id(true) works, but because it checks the current session_id before assigning a new one, a warning is generated.

4 - I have tested the code with several invalid session names and no errors or warnings were generated; everything is working as intended.


References:

session.c Source Code

Comments:

I like your explanation, but the algorithm can be improved: ***.com/a/58776699/1856214

Answer 2:

I bet you are under attack at this moment. That means, for example, that someone has manipulated your session cookie.

Since session_start(); is a system function, I don't think it will produce invalid ids.

In my opinion option 2 is the best. But if I remember correctly, you need to set a custom error handler for that.

This answer seems better to me:

    $ok = @session_start();
    if (!$ok) {
        //Hello Hacker ;)
        session_regenerate_id(true); // replace the Session ID
        session_start();
    }

Comments:

We get it once or twice a day, which doesn't make any sense, and the custom plugin's pages can only be seen by members, so I don't understand how it is being attacked. Why / what are they trying to do, and how can I prevent it?

The code above should explicitly prevent that from happening. But as always, never trust user input. Think about session hijacking etc. Are you sure this code is not executed for any user? Once or twice a day is not common in the case of an attack. You're lucky ;) Even if you think you are not big enough, the CMS system you use is ;)

You could try adding error_log($_REQUEST['REMOTE_ADDR']); in the !$ok path.

I have been developing PHP for about 10 years. Invalid ids are never generated.

I like Pedro Lobito's explanation, but the algorithm can be improved:

    if (isset($_COOKIE[session_name()]) && 0 === preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $_COOKIE[session_name()])) {
        unset($_COOKIE[session_name()]);
    }

    if ('' === session_id()) {
        session_start();
    }
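Pulling answer 1 and answer 3 together, here is an added example, not code from either answer or from any of the plugins, of a session bootstrap that validates the cookie before PHP sees it, writes a log-safe audit line with the client address for a rejected value, and turns on the session settings that make a tampered id harmless. Function names, the log format and the sample values are this example's own; it assumes PHP 5.5.2 or later (session_status() and session.use_strict_mode) and the default files save handler.

```php
<?php
// safe_session.php: added example, not code from the answers above or from
// any plugin. Combines the cookie validation from the answers with the
// hardening a session bootstrap should also have.
// Assumptions: PHP >= 5.5.2, default "files" save handler; helper names and
// log format are this example's own.

/**
 * Validate a candidate session id against the rule PHP applies.
 * Character set: a-z, A-Z, 0-9, '-' and ','. Maximum length: 128 on PHP < 7.1,
 * 256 on 7.1+ (the ceiling of session.sid_length). The /D modifier stops '$'
 * from matching before a trailing newline, so "abc\n" is rejected too.
 */
function session_id_is_valid($id)
{
    $max = PHP_VERSION_ID >= 70100 ? 256 : 128;
    return is_string($id)
        && preg_match('/^[-,a-zA-Z0-9]{1,' . $max . '}$/D', $id) === 1;
}

/**
 * Render untrusted input for a log line: bounded length and no raw control
 * characters, so a crafted cookie cannot split or forge log entries.
 */
function log_safe($value, $limit = 64)
{
    $s = (string) $value;
    return rawurlencode(substr($s, 0, $limit)) . (strlen($s) > $limit ? '...' : '');
}

/**
 * Start (or resume) the session without handing PHP an id that makes
 * session_start() warn. Returns true when a session is active afterwards.
 */
function safe_session_start()
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;                  // several plugins calling this is harmless
    }
    if (headers_sent($file, $line)) {
        error_log("safe_session_start: headers already sent at $file:$line");
        return false;
    }

    // Hardening the original options did not set: ids only from cookies,
    // reject ids PHP never issued (defeats fixation), hide the cookie from JS.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    ini_set('session.cookie_httponly', '1');

    $name = session_name();
    if (isset($_COOKIE[$name]) && !session_id_is_valid($_COOKIE[$name])) {
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'cli';
        error_log(sprintf('rejected session cookie from %s: %s=%s',
            $ip, $name, log_safe($_COOKIE[$name])));
        // Drop the bad value: session_start() mints a fresh id and sends a new
        // Set-Cookie, which replaces the tampered cookie in the browser.
        unset($_COOKIE[$name]);
    }

    return session_start();
}

// Self-check on constructed inputs when run directly: php safe_session.php
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $samples = array(
        'abc123'                => true,
        'k7mq2n-t,Q9'           => true,
        ''                      => false,
        '#$#$FDSFSR#"#"$"#$"'   => false,   // the value from answer 1
        "abc\n123"              => false,   // would be log injection if accepted
        str_repeat('a', 300)    => false,   // longer than any PHP version allows
    );
    foreach ($samples as $id => $expected) {
        $got = session_id_is_valid($id);
        printf("%-4s %-40s -> %s\n", $got === $expected ? 'ok' : 'FAIL',
            log_safe($id, 30), $got ? 'valid' : 'invalid');
    }
}
```

Call safe_session_start() from the plugins in place of session_start(); running the file directly prints the self-check. With session.use_strict_mode on, PHP itself discards any id it never issued, so on 5.5.2+ the pre-check's main contribution is the audit line: rawurlencode() and the length cap keep a crafted cookie from pushing newlines or terminal escapes into the error log, and the client address gives you something to block or rate-limit.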
