Statement on glibc/iconv Vulnerability

    SessionUpdateTimestampHandlerInterface::validateId

    (PHP 7, PHP 8)

    SessionUpdateTimestampHandlerInterface::validateIdValidate ID

    Descrizione

    public SessionUpdateTimestampHandlerInterface::validateId(string $id): bool

    Validates a given session ID. A session ID is valid, if a session with that ID already exists. This function is automatically executed when a session is to be started, a session ID is supplied and session.use_strict_mode is enabled.

    Elenco dei parametri

    id

    The session ID.

    Valori restituiti

    Returns true for valid ID, false otherwise. Note that this value is returned internally to PHP for processing.

    Improve This Page

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 1 note

    up
    3
    ohcc at 163 dot com
    3 years ago
    'validateId' is called after 'open' and before 'read' to validate the session id provided by the client, as 'open' -> 'validateId' -> 'read' -> 'write' -> 'close' are called in sequence.

    If 'validateId' returns false, a new session id will be generated, the session cookie will also be updated afterwards.
    add a note
    To Top