[horde] Problem with session_start()
Jan Schneider
jan at horde.org
Fri Dec 19 08:39:38 UTC 2014
Zitat von Michael M Slusarz <slusarz at horde.org>:
> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von lst_hoe02 at kwsoft.de:
>>
>>> Zitat von Jan Schneider <jan at horde.org>:
>>>
>>>> Zitat von lst_hoe02 at kwsoft.de:
>>>>
>>>>> Hello,
>>>>>
>>>>> since recently we have a lot of the following in our logfile:
>>>>>
>>>>> Dec 17 11:33:41 ftp HORDE: PHP ERROR: session_start(): The
>>>>> session id is too long or contains illegal characters, valid
>>>>> characters are a-z, A-Z, 0-9 and '-,' [pid 32572 on line 69 of
>>>>> "/usr/share/php/Horde/Session/Null.php"]
>>>>>
>>>>> any idea what to fix to get this work?
>>>>>
>>>>> Horde/IMP are all latest and PHP settings are mostly default.
>>>>
>>>> And what *is* the id?
>>>>
>>>
>>> How to find out? It is not logged as far as i can see...
>>> Should it be listed in the admin panel? I guess no because it is
>>> rejected after all...
>>
>> Add some debugging statement on that line.
>
> Wondering if someone is injecting session IDs via URLs in some kind
> of attack attempt.
Yep, that's what I was suspecting too.
--
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject
More information about the horde
mailing list