diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/session/session.c | 12 |
2 files changed, 12 insertions, 1 deletions
@@ -17,6 +17,7 @@ PHP NEWS - Fixed bug #38234 (Exception in __clone makes memory leak). (Dmitry, Nuno) - Fixed bug #38229 (strtotime() does not parse YYYY-MM format). (Ilia) +- Fixed bug #38224 (session extension can't handle broken cookies). (Ilia) - Fixed bug #38220 (Crash on some object operations). (Dmitry) - Fixed bug #38217 (ReflectionClass::newInstanceArgs() tries to allocate too much memory). (Tony) diff --git a/ext/session/session.c b/ext/session/session.c index 2a2ad4da3e..aa71025544 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -745,6 +745,7 @@ static void php_session_initialize(TSRMLS_D) { char *val; int vallen; + zend_bool new = 0; /* check session name for invalid characters */ if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) { @@ -764,8 +765,15 @@ static void php_session_initialize(TSRMLS_D) } /* If there is no ID, use session module to create one */ - if (!PS(id)) + if (!PS(id)) { +new_session: PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC); +php_error_docref(NULL TSRMLS_CC, E_WARNING, "Making a new session %s.", PS(id)); + if (PS(use_cookies)) { + PS(send_cookie) = 1; + } + new = 1; + } /* Read data */ /* Question: if you create a SID here, should you also try to read data? @@ -777,6 +785,8 @@ static void php_session_initialize(TSRMLS_D) if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) { php_session_decode(val, vallen TSRMLS_CC); efree(val); + } else if (!new) { + goto new_session; } } |