有人可以解释这是否是 PHP 的正确行为,我期待 session_start() 返回 false 并收到警告说 session_name 包含非法字符。
重现代码:
<?php
session_name('m m');
var_dump(session_start());
if(!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
}
else {
$_SESSION['count']++;
}
echo session_name();
echo $_SESSION['count'];
运行一次:
bool(true) m m0
重新加载页面:
bool(true) m m0
应该是(如果会话有效):
bool(true) m m1
session_start()返回 true 表示会话已开始。$_SESSION['count']表示不起作用。会话名称中的非法字符没有警告。
我在手册页上找不到任何提示,也找不到会话有效字符的定义。
PHP 生成如下内容:
Set-Cookie: m+m=unttot9siteipcsrc0r064hn37; path=/
...并且浏览器(Firefox / 23)将其发回:
Cookie: m+m=unttot9siteipcsrc0r064hn37
到现在为止还挺好。但随后 PHP 会生成一个新的会话 ID:
Set-Cookie: m+m=7tmi7kd8n27ef3qdk5q706gk85; path=/
Is it a bug? I'd say it isn't since your session name is clearly invalid:
The session name references the name of the session, which is used in cookies and URLs (e.g. PHPSESSID). It should contain only alphanumeric characters; it should be short and descriptive (i.e. for users with enabled cookie warnings). If name is specified, the name of the current session is changed to its value.
Warning
The session name can't consist of digits only, at least one letter must be present. Otherwise a new session id is generated every time.
If you follow the rules it works as expected:
session_name('mxm');
To sum up:
Edit: Just noticed you say this:
I can not find any hints on the manual page, nor a definition on what is valid characters for a session.
I found that information right in the manual page for session_name().
White space in the session_name() will not work.
session_name('m m');
session_name('mm');