0

I'm trying to handle an invalid session ID, but PHP keeps sending me this error:

<b>Warning</b>:  session_start() [<a href='function.session-start'>function.session-start</a>]: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>/home3/mn0198/razorphyn/products/support/index.php</b> on line <b>21</b><br />

This is my code:

ob_start();
ini_set('session.auto_start', '0');
ini_set('session.save_path', 'php/config/session');
ini_set('session.hash_function', 'sha512');
ini_set('session.gc_maxlifetime', '1800');
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '512');
ini_set('session.gc_probability', '20');
ini_set('session.gc_divisor', '100');
ini_set('session.cookie_httponly', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
    ini_set('session.cookie_secure', '1');
}
if(isset($_COOKIE['RazorphynSupport']) && !empty($_COOKIE['RazorphynSupport']) && !preg_match('/^[a-z0-9]{26,40}$/',$_COOKIE['RazorphynSupport'])){
    setcookie('RazorphynSupport','',time()-3600);
}
session_name("RazorphynSupport");
session_start(); 
ob_end_flush();

What's wrong?

Razorphyn
  • Is there a reason you are setting all these session settings at runtime instead of setting them in your php.ini? – Patrick Evans Aug 31 '13 at 15:30
  • @PatrickEvans Because it is supposed to be distributed to whoever needs it and I don't know the abilities of the user – Razorphyn Aug 31 '13 at 15:34

1 Answer

1

Change

setcookie('RazorphynSupport','',time()-3600);

to

unset($_COOKIE['RazorphynSupport']);

This way, PHP is forced to generate a new ID.

Razorphyn
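An added example, not part of the original post: one way to reject a malformed session cookie before `session_start()`, removing it from `$_COOKIE` for the current request as the answer does and also expiring the browser copy. The helper name, the length bounds in the pattern, the cookie path and the sample value are assumptions.

```php
<?php
// Added example: validate the session cookie before session_start().
// Helper name, pattern length bounds and the sample value are assumptions.

/**
 * Drop a malformed session cookie from the current request and the browser.
 * Returns true when the cookie was rejected.
 */
function drop_invalid_session_cookie(string $name, array &$cookies, string $pattern): bool
{
    if (!isset($cookies[$name])) {
        return false;                   // no cookie: session_start() creates a fresh ID
    }
    $value = $cookies[$name];
    // A client can also send the cookie as an array (name[]=x), so check the type.
    if (is_string($value) && preg_match($pattern, $value) === 1) {
        return false;                   // well-formed: let PHP look the session up
    }
    // setcookie() only queues a response header. PHP would still read the bad
    // value from $_COOKIE during this request, so remove it here as well.
    unset($cookies[$name]);
    if (!headers_sent()) {
        // Path '/' is assumed to match session.cookie_path (its default value).
        setcookie($name, '', time() - 3600, '/');
    }
    return true;
}

// Character set taken from the PHP warning; the length bounds are assumed and
// must cover the IDs your session settings actually produce.
$pattern = '/\A[A-Za-z0-9,-]{22,256}\z/';

// Constructed malformed value, as a client could send it.
$_COOKIE['RazorphynSupport'] = 'not a valid id!';

session_name('RazorphynSupport');
$dropped = drop_invalid_session_cookie('RazorphynSupport', $_COOKIE, $pattern);
session_start();                        // PHP now generates a new ID

printf("dropped=%s new_id_ok=%d\n", var_export($dropped, true), preg_match($pattern, session_id()));
```

The pattern has to accept every ID your configuration can generate, otherwise valid sessions are discarded on each request.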