session_start warning (4.2.3 -> 4.3.0)

cscscs

hello,

users on my site are reporting the following error when trying to login into my site. the login procedure contains a session_start(); call at the beginning of the file.

Warning: session_start() [function.session-start]: The session id contains illegal characters

the only change i've made recently is to upgrade from 4.2.3 to 4.3.0. i have a feeling that this warning goes away on the second login. any ideas how to fix this?

mrsocks

did you ever find a solution to this? i am having the same problem.

thanks

Weedpacket

That is curious; session ID's are usually generated by the server and look like 765cf1b28b810aa93942e2298e8b1ad0 - pretty harmless.

Does this happen on the page where the session is initially created or on following pages? I'm just wondering if the session ID getting mangled by the browser in some way, which may be something to do with how you're sending the session ID out (are you explicitly putting it in the URL, for example?)

Could you post a small example that exhibits this behaviour so's we can replicate it?

mrsocks

i was playing with this more last night and it seems as though i wasn't passing the PHPSESSID in the URL. once i added PHPSESSID into a hidden field and passed that along with the other form variables, it seems to work ok now.

i then added $PHPSESSID = $_POST["PHPSESSID"]; on the receiving pages.

is this correct?

i will write back with more info if i shouldnt be doing it this way.

thanks for the help.