MFB: Fixed bug #38224 (session extension can't handle broken cookies).

diff --git a/ext/session/session.c b/ext/session/session.c
index 1d910b8df5a1ec602248bce5c5979befbaace993..b986570749a318eb941e29e9548d031419d367bd 100644 (file)
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -653,6 +653,7 @@ static void php_session_initialize(TSRMLS_D)
 {
        char *val;
        int vallen;
+       zend_bool new = 0;
 
        /* check session name for invalid characters */
        if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
@@ -672,8 +673,15 @@ static void php_session_initialize(TSRMLS_D)
        }
        
        /* If there is no ID, use session module to create one */
-       if (!PS(id))
+       if (!PS(id)) {
+new_session:
                PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
+php_error_docref(NULL TSRMLS_CC, E_WARNING, "Making a new session %s.", PS(id));
+               if (PS(use_cookies)) {
+                       PS(send_cookie) = 1;
+               }
+               new = 1;
+       }
        
        /* Read data */
        /* Question: if you create a SID here, should you also try to read data?
@@ -685,6 +693,8 @@ static void php_session_initialize(TSRMLS_D)
        if (PS(mod)->s_read(&PS(mod_data), PS(id), &val, &vallen TSRMLS_CC) == SUCCESS) {
                php_session_decode(val, vallen TSRMLS_CC);
                efree(val);
+       } else if (!new) {
+               goto new_session;
        }
 }