RE: [PHP-DEV] Empty session cookie leads to warning

From: Date: Wed, 12 Feb 2014 07:25:12 +0000
Subject: RE: [PHP-DEV] Empty session cookie leads to warning
References: 1 2  Groups: php.internals 
Request: Send a blank email to [email protected] to get a copy of this message
> What is the reason for having extremely insecure session ID?
> Is user sending empty cookie by deleting cookie value?
>
> Regards,
>

Hi Yasuo,

the resource, which has been called, is a dynamic generated playlist file (.M3U) and it seemed like
the user agent was a Windows Media Player, because of the passed HTTP headers. But I have no clue
why the empty cookie has been sent.

I have extended the application, so that the cookie value is checked and the session won't be
started if it is empty.

But maybe there is someone who could improve the warning message a bit. In this case it could say
"The session id is empty or too short."

Best regards


Thread (5 messages)

« previous php.internals (#72502) next »