From 6db77fdaccde931a6cab77d740fe585ce81a324a Mon Sep 17 00:00:00 2001 From: Stafox Date: Tue, 2 Feb 2016 20:10:35 +0300 Subject: [PATCH 1/2] Fix bug when exception thrown if invalid session id received --- library/Zend/Session.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/Zend/Session.php b/library/Zend/Session.php index 6378cbf612..ec4f2f66a3 100644 --- a/library/Zend/Session.php +++ b/library/Zend/Session.php @@ -422,8 +422,6 @@ public static function start($options = false) { // Check to see if we've been passed an invalid session ID if ( self::getId() && !self::_checkId(self::getId()) ) { - // Generate a valid, temporary replacement - self::setId(md5(self::getId())); // Force a regenerate after session is started self::$_regenerateIdState = -1; } @@ -664,7 +662,7 @@ public static function setId($id) if (!self::$_unitTestEnabled && defined('SID')) { /** @see Zend_Session_Exception */ require_once 'Zend/Session/Exception.php'; - throw new Zend_Session_Exception('The session has already been started. The session id must be set first.'); + throw new Zend_Session_Exception('The session has already been started. The session id must be set first.'); } if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) { From 0cfebd970611d10864be153e02d187484dd4f22e Mon Sep 17 00:00:00 2001 From: Stafox Date: Tue, 2 Feb 2016 23:54:45 +0300 Subject: [PATCH 2/2] Regenerate session id, if current is not valid --- library/Zend/Session.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/Zend/Session.php b/library/Zend/Session.php index ec4f2f66a3..682601a4c5 100644 --- a/library/Zend/Session.php +++ b/library/Zend/Session.php @@ -432,6 +432,11 @@ public static function start($options = false) } if (self::$_sessionStarted) { + // Generate valid session id + if (self::$_regenerateIdState === -1) { + self::regenerateId(); + } + return; // already started }