
The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'

Tags: php, session

How to solve:

Warning: session_start() [function.session-start]: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in ..... on line 3

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at ......:3) in ..... on line 3

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at .....:3) in ..... on line 3

Nandini Bhaduri asked Jul 06 '10 11:07




1 Answer

It is an information vulnerability: a malicious attacker may alter the cookies and assign illegal characters to PHPSESSID to expose this PHP warning, which in fact contains juicy information like the file path and the username!

EvilThinker answered Oct 07 '22 13:10
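One way to keep a malformed PHPSESSID cookie from triggering the warning described above, and to keep the warning's file path out of the response if it fires anyway. This is an added example, not code from the original question or answer; the function names and the `MAX_SID_LENGTH` bound are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed upper bound on ID length; adjust to the limit of your PHP build.
const MAX_SID_LENGTH = 128;

/** True if $id uses only the characters the warning lists: a-z, A-Z, 0-9, '-' and ','. */
function is_plausible_session_id($id, int $maxLen = MAX_SID_LENGTH): bool
{
    return is_string($id)
        && preg_match('/\A[A-Za-z0-9,-]{1,' . $maxLen . '}\z/', $id) === 1;
}

/** Start the session, discarding a client-supplied ID that PHP would reject. */
function start_session_safely(): bool
{
    // Keep warnings (which embed the script path) out of the response body.
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
    // Accept the ID from the cookie only, so the cookie is the one input to check.
    ini_set('session.use_only_cookies', '1');

    $name = session_name(); // "PHPSESSID" unless reconfigured
    if (isset($_COOKIE[$name]) && !is_plausible_session_id($_COOKIE[$name])) {
        // Drop the bad value; session_start() then issues a fresh ID.
        unset($_COOKIE[$name]);
    }
    return session_start();
}

// Constructed sample cookie values, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'k3v9q0c1m2n4b5v6x7z8a1s2d3',        // typical shape: accepted
        'abc-DEF,123',                       // all characters allowed: accepted
        'bad!id',                            // '!' is not allowed: rejected
        "abc\n",                             // trailing newline: rejected
        str_repeat('a', MAX_SID_LENGTH + 1), // too long: rejected
        ['array-value'],                     // PHPSESSID[]=... style input: rejected
    ];
    foreach ($samples as $s) {
        printf("%-32s %s\n", substr(json_encode($s), 0, 30),
            is_plausible_session_id($s) ? 'accepted' : 'rejected');
    }
}
```

Call `start_session_safely()` in place of `session_start()`, before any output is sent.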