Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'

I noticed this in my PHP error log:

开发者_开发百科

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'

I don't know what's wrong. The session names are called PHPSESSID (default). and have values like: f11m9p7r18pau9s7j9dsk8f1h6.

I am baffled, I don't know what it is trying to tell me, sessions are handled by PHP. I am on shared hosting, but have my sessions stored outside document root so nobody can access them.

---

Don't mind, somebody could simply manipulate the URL like:

http://domain.org/?PHPSESSID=this~won't_work

PHP will see the PHPSESSID-parameter and tries to restore the session using the value(what will fail)

If you like to avoid these errors, use the @-operator on session_start()