CamaroSS
Reputation: 493
Session ID value bug
I am getting a random warning with the following text:
The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in...
In such cases $_COOKIE dump looks like this:
array (
'PHPSESSID' => '0t4qiq1ec36teca0l2ph74qq94,PHPSESSID=0t4qiq1ec36teca0l2ph74qq94,PHPSESSID=0t4qiq1ec36teca0l2ph74qq94,PHPSESSID=0t4qiq1ec36teca0l2ph74qq94',
)
Is it a bug or some kind of hacking attempt?
Edit The issue is gone after I've found an infinite redirect on the site under some conditions at the login page.
Upvotes: 0
Views: 113
Answers (1)
Apul Gupta
Reputation: 3034
If you notice, your cookie value itself repeating session id with cookie name again & again.
This may happen if someone tried to inject in someway.
You can read about session related vulnerabilities here: https://stackoverflow.com/a/5081453/2004910
Upvotes: 1
Related Questions
- PHP Session Id changes between pages
- SessionIDs are not unique in PHP
- Session Value changes in PHP
- PHP Session ID changing on every request
- The right ID is not stored in session php
- Session ID changes on saved to DB
- Wrong session value when reading
- PHP changes session ID on each request
- session id value changes
- PHP session id's differ