From 8c37a086c78a66517967fcb809fb53297becfe42 Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki <yohgaki@php.net>
Date: Fri, 15 Jan 2016 09:45:08 +0900
Subject: Improved fix for bug #68063 (Empty session IDs do still start
 sessions).

---
 ext/session/session.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'ext/session/session.c')

diff --git a/ext/session/session.c b/ext/session/session.c
index 53e22c252e..ffb6fb381b 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -512,7 +512,10 @@ static void php_session_initialize(TSRMLS_D) /* {{{ */
 	}
 
 	/* If there is no ID, use session module to create one */
-	if (!PS(id)) {
+	if (!PS(id) || !PS(id)[0]) {
+		if (PS(id)) {
+			efree(PS(id));
+		}
 		PS(id) = PS(mod)->s_create_sid(&PS(mod_data), NULL TSRMLS_CC);
 		if (!PS(id)) {
 			php_session_abort(TSRMLS_C);
@@ -2102,10 +2105,6 @@ static PHP_FUNCTION(session_decode)
 static PHP_FUNCTION(session_start)
 {
 	/* skipping check for non-zero args for performance reasons here ?*/
-	if (PS(id) && !strlen(PS(id))) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot start session with empty session ID");
-		RETURN_FALSE;
-	}
 
 	php_session_start(TSRMLS_C);
 
-- 
cgit v1.2.1