RE: [PHP-DEV] Empty session cookie leads to warning

From: Christian Stoller Date: Wed, 12 Feb 2014 07:25:12 +0000

Subject: RE: [PHP-DEV] Empty session cookie leads to warning

References: 1 2 Groups: php.internals

Request: Send a blank email to [email protected] to get a copy of this message

> What is the reason for having extremely insecure session ID?
> Is user sending empty cookie by deleting cookie value?
>
> Regards,
>

Hi Yasuo,

the resource, which has been called, is a dynamic generated playlist file (.M3U) and it seemed like
the user agent was a Windows Media Player, because of the passed HTTP headers. But I have no clue
why the empty cookie has been sent.

I have extended the application, so that the cookie value is checked and the session won't be
started if it is empty.

But maybe there is someone who could improve the warning message a bit. In this case it could say
"The session id is empty or too short."

Best regards

Thread (5 messages)

Christian StollerTue, 11 Feb 2014 07:31:19 +0000
Christian StollerTue, 11 Feb 2014 07:43:15 +0000RE: Empty session cookie leads to warning
Yasuo OhgakiWed, 12 Feb 2014 07:05:32 +0000
Christian StollerWed, 12 Feb 2014 07:25:12 +0000RE: [PHP-DEV] Empty session cookie leads to warning
Yasuo OhgakiWed, 12 Feb 2014 08:19:35 +0000Re: Empty session cookie leads to warning

« previous	php.internals (#72502)	next »

From:	Christian Stoller	Date:	Wed, 12 Feb 2014 07:25:12 +0000
Subject:	RE: [PHP-DEV] Empty session cookie leads to warning
References:	1 2	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message