TalkPHP


Blackbrain 12-30-2007 05:08 PM

Session security
 
Error:

Warning: session_start() [function.session-start]: The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /**/******/index.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /**/**/index.php:2) in /**/***/index.php on line 2

How can we prevent this kind of error? Do we have to check the content of the session for valid contents only, or is there any other way?

Wildhoney 12-30-2007 06:09 PM

I would assume by that error that you're actually trying to enforce a session ID yourself? I have heard of no problems since around PHP 4 of PHP issuing invalid characters. I know there was an issue in PHP of the session ID sometimes being null.

You could do the following, but I wouldn't recommend it because if there's a function you've written that's not performing well, then you'll want to correct it. For example, if the session ID is set as all invalid characters then the following would leave you with an empty session.

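PHP Code:
// Strip every character outside a-z, A-Z and 0-9 (the set named in the warning).
$szSessionId = session_id();
$szSessionId = preg_replace('~[^a-zA-Z0-9]~', '', $szSessionId);
// session_id() only accepts a new ID before session_start() has been called.
session_id($szSessionId);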

Alan @ CIT 12-30-2007 06:16 PM

Is this just a one-off occurrence for a particular user or does everyone experience the problem?

This error usually occurs for a couple of reasons:

1) The session ID is empty/0 for some reason - this can be fixed by regenerating the session ID:

PHP Code:

// Issue a new ID when the current one is empty.
if (!session_id())
{
    session_regenerate_id();
}


2) The session id is being overwritten somewhere in your script to something that is invalid.

Is it possible that you can do "die(session_id());" at the bottom of your code to see what it produces?

Alan

thegrayman 01-07-2008 11:19 PM

Quote:

already sent (output started at /**/**/index.php:2) in /**/***/index.php on line 2

Are you sure something hasn't already been sent to the document? Even a space will cause the message headers to be sent, and no session or cookie data can be sent after that. That is what it looks like is happening here. Wh
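An added example, not part of the original thread: one way to handle both warnings is to treat the session ID arriving in the cookie as untrusted input, reject it outright when it contains anything other than the characters the warning lists, and check `headers_sent()` before starting the session. The function names, the 128-character length limit and the sample IDs are assumptions made for this sketch, and it assumes the ID is carried only in the session cookie.

```php
<?php
// Added example: validate the client-supplied session ID before session_start().
// isValidSessionId(), startSessionSafely() and the 128-char limit are hypothetical.

// True when $id is non-empty and uses only a-z, A-Z and 0-9,
// the character set named in the warning quoted in this thread.
function isValidSessionId(string $id): bool
{
    return preg_match('~\A[a-zA-Z0-9]{1,128}\z~', $id) === 1;
}

function startSessionSafely(): void
{
    // Any earlier output, even a single space before the opening PHP tag,
    // means the session cookie header can no longer be sent.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }

    $name = session_name();

    // The ID normally arrives in a cookie, so it is attacker-controllable input.
    if (isset($_COOKIE[$name])) {
        $id = $_COOKIE[$name];
        if (!is_string($id) || !isValidSessionId($id)) {
            // Discard the value instead of "cleaning" it: with no ID present,
            // session_start() generates a fresh one on its own.
            unset($_COOKIE[$name]);
        }
    }

    session_start();
}

// Constructed sample IDs, for illustration only.
$samples = ['abc123DEF456', '', 'abc/../etc', 'abc def', 'id;drop'];
foreach ($samples as $sample) {
    printf(
        "%-16s %s\n",
        var_export($sample, true),
        isValidSessionId($sample) ? 'accepted' : 'rejected'
    );
}
```

Rejecting a malformed ID rather than stripping characters from it avoids the empty-session case mentioned earlier in the thread, because PHP issues a new ID when none is supplied.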

