RE: [PHP-DEV] Empty session cookie leads to warning
> What is the reason for having extremely insecure session ID?
> Is user sending empty cookie by deleting cookie value?
>
> Regards,
>
Hi Yasuo,
the resource, which has been called, is a dynamic generated playlist file (.M3U) and it seemed like
the user agent was a Windows Media Player, because of the passed HTTP headers. But I have no clue
why the empty cookie has been sent.
I have extended the application, so that the cookie value is checked and the session won't be
started if it is empty.
But maybe there is someone who could improve the warning message a bit. In this case it could say
"The session id is empty or too short."
Best regards
Thread (5 messages)