stable
Clone or download
This contribution also respect the same naming convention used by the authentication cookie. Using _ and - in a session name is against the PHP documentation [1] but it seems this warning has only been added to avoid issues when the session name is used in URLs and cookies but for both these chars are safe to use. A quick review of the PHP source code and functionnal tests in PHP 5.6 and 7.2 has not shown specific restrictions. A bug request to change this warning in the PHP documentation has been opened [2] but we should not encounter more issues than with the authentication cookie. This is part of request #10979: Implement Same-Site cookie and cookie prefixes protections [1] https://secure.php.net/manual/en/function.session-name.php [2] https://bugs.php.net/bug.php?id=75883 Change-Id: Ie8b3e553667c1f63c73f77a87b7f19289da93336
Modified Files
Name | ||||
---|---|---|---|---|
M | src/common/include/CookieManager.class.php | +4 | −4 | Go to diff View file |
M | src/common/session/PHP_Session.class.php | +3 | −0 | Go to diff View file |