
Error: The session id is too long or contains illegal characters in core/functions/preload.php:70 #2104


Closed
q2apro opened this issue Jul 18, 2022 · 4 comments

q2apro commented Jul 18, 2022

I have got visits from a Russian hack bot who tried 1000s of requests.

Cannot modify header information - headers already sent by (output started at /core/functions/preload.php:70)
« Evolution CMS Parse Error »
Error : Cannot modify header information - headers already sent by (output started at /core/functions/preload.php:70)

I checked the error logs and found:

PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z 0-9 and '-, ' in /core/functions/preload.php on line 70

On Stackoverflow there are some solutions to prevent this problem: https://stackoverflow.com/questions/3185779/the-session-id-is-too-long-or-contains-illegal-characters-valid-characters-are

I think EVOCMS should implement one of those solutions so the error cannot be caused.

Dmi3yy commented Jul 18, 2022

You can implement this and send PR :)

q2apro added a commit to q2apro/evolution that referenced this issue Aug 3, 2022
q2apro commented Aug 3, 2022

This should fix the problem: modxcms/evolution@master...q2apro:evolution:patch-1

But I could not test it.

q2apro commented Aug 6, 2022

The bot was there again. The error appeared again.

PHP Warning: session_regenerate_id(): Cannot regenerate session id - session is not active in /core/functions/preload.php on line 76

New code to avoid the problem:

		$session_ok = @session_start();
		if (!$session_ok)
		{
			ob_start();
			session_start();
			session_regenerate_id();
		}

q2apro commented Feb 27, 2023

Better fix:

$sessionname = session_name();

// safe session - see https://stackoverflow.com/a/33024310/1066234
// the D modifier keeps $ from matching before a trailing newline, so "abc\n" is rejected
if (isset($_COOKIE[ $sessionname ]) && preg_match('/^[-,a-zA-Z0-9]{1,128}$/D', $_COOKIE[ $sessionname ]))
{
	session_start();
}
else if (isset($_COOKIE[ $sessionname ])) 
{
	unset($_COOKIE[ $sessionname ]);
	session_start();
}
else 
{
	session_start(); 
}

// no session started, exit
if (session_status() === PHP_SESSION_NONE) 
{
	exit();
}
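
The cookie check from the comment above, extended to two inputs it does not cover (an array-valued cookie such as `PHPSESSID[]=x`, and a value ending in a newline), as an added example that is not part of the thread or of Evolution CMS's code. The function name `filter_session_cookie`, the cookie name `PHPSESSID` (PHP's default session name) and all sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not Evolution CMS code. Names and sample values are constructed.

/**
 * Inspect the session cookie before session_start() is called.
 * Returns 'absent', 'valid' or 'dropped'. A dropped cookie is removed from
 * $cookies, so PHP generates a fresh session id instead of raising the
 * "session id is too long or contains illegal characters" warning.
 */
function filter_session_cookie(array &$cookies, string $name): string
{
    if (!array_key_exists($name, $cookies)) {
        return 'absent';
    }
    $value = $cookies[$name];
    // A cookie sent as "PHPSESSID[]=x" is parsed into an array, and
    // preg_match() requires a string subject, so check the type first.
    // The D modifier anchors $ at the true end of the string.
    if (is_string($value) && preg_match('/^[-,a-zA-Z0-9]{1,128}$/D', $value) === 1) {
        return 'valid';
    }
    unset($cookies[$name]);
    return 'dropped';
}

// Constructed cookie values, one per failure case named in the warning.
$samples = [
    'well-formed id'   => 'k3v9s0m2q1abcdefghijklmnop',
    'illegal chars'    => 'not a valid id!',
    'too long'         => str_repeat('a', 129),
    'empty string'     => '',
    'trailing newline' => "abc123\n",
    'array value'      => ['x'],
];

foreach ($samples as $label => $value) {
    $cookies = ['PHPSESSID' => $value];
    printf("%-18s %s\n", $label, filter_session_cookie($cookies, 'PHPSESSID'));
}

$none = [];
printf("%-18s %s\n", 'no cookie', filter_session_cookie($none, 'PHPSESSID'));
```

In a bootstrap file the call would be `filter_session_cookie($_COOKIE, session_name());` placed immediately before `session_start();`.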

Seiger added a commit that referenced this issue Jun 8, 2023
@Seiger Seiger closed this as completed Jun 8, 2023