Log session ID lengths on failure

author: Christian Göttsche 2026-02-22 22:11:05 +0100
committer: Julien Voisin 2026-02-22 23:58:33 +0100
commit: 31d70da1ff61480f51b8ca747bc8c8d8a37c5061 (patch)
tree: 8d18c65e60aa9c4d31df4c234b8a580688295978
parent: b441bfe693435f5d8c8ae4fd04ec3d4dae49070f (diff)
3 files changed, 7 insertions, 7 deletions
diff --git a/src/sp_session.c b/src/sp_session.c
index 228e581..568271b 100644
--- a/src/sp_session.c
+++ b/src/sp_session.c
@@ -22,15 +22,15 @@ static int (*old_s_write)(PS_WRITE_ARGS);
 static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL;
 static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL;
-static void check_sid_length(zend_string *sid) {
+static void check_sid_length(const zend_string *sid) {
  const sp_config_session *cfg = &(SPCFG(session));
  if (sid) {
    if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) {
-      sp_log_auto("session", cfg->simulation, "Session ID is too short");
+      sp_log_auto("session", cfg->simulation, "Session ID is too short (sid=%zu min=%zu)", ZSTR_LEN(sid), (size_t)cfg->sid_min_length);
    }
    if (cfg->sid_max_length && ZSTR_LEN(sid) > cfg->sid_max_length) {
-      sp_log_auto("session", cfg->simulation, "Session ID is too long");
+      sp_log_auto("session", cfg->simulation, "Session ID is too long (sid=%zu max=%zu)", ZSTR_LEN(sid), (size_t)cfg->sid_max_length);
    }
  }
 }
diff --git a/src/tests/sid_too_long.phpt b/src/tests/sid_too_long.phpt
index 85f7fc2..5dd5a9f 100644
--- a/src/tests/sid_too_long.phpt
+++ b/src/tests/sid_too_long.phpt
@@ -14,6 +14,6 @@ session_start();
 echo strlen(session_id());
 ?>
 --EXPECTF--
-Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long in %a.php on line %d
+Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long (sid=33 max=32) in %a.php on line %d
-Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long in Unknown on line 0
-\ No newline at end of file
+Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long (sid=33 max=32) in Unknown on line 0
diff --git a/src/tests/sid_too_short.phpt b/src/tests/sid_too_short.phpt
index 3ebbc58..d4e02ba 100644
--- a/src/tests/sid_too_short.phpt
+++ b/src/tests/sid_too_short.phpt
@@ -14,6 +14,6 @@ session_start();
 echo strlen(session_id());
 ?>
 --EXPECTF--
-Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short in %a.php on line %d
+Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short (sid=3 min=10) in %a.php on line %d
-Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short in Unknown on line 0
-\ No newline at end of file
+Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short (sid=3 min=10) in Unknown on line 0
author	Christian Göttsche	2026-02-22 22:11:05 +0100
committer	Julien Voisin	2026-02-22 23:58:33 +0100
commit	31d70da1ff61480f51b8ca747bc8c8d8a37c5061 (patch)
tree	8d18c65e60aa9c4d31df4c234b8a580688295978
parent	b441bfe693435f5d8c8ae4fd04ec3d4dae49070f (diff)

diff --git a/src/sp_session.c b/src/sp_session.c index 228e581..568271b 100644 --- a/src/sp_session.c +++ b/src/sp_session.c
@@ -22,15 +22,15 @@ static int (*old_s_write)(PS_WRITE_ARGS);
22	static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL;	22	static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL;
23	static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL;	23	static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL;
24		24
25	static void check_sid_length(zend_string *sid) {	25	static void check_sid_length(const zend_string *sid) {
26	const sp_config_session *cfg = &(SPCFG(session));	26	const sp_config_session *cfg = &(SPCFG(session));
27		27
28	if (sid) {	28	if (sid) {
29	if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) {	29	if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) {
30	sp_log_auto("session", cfg->simulation, "Session ID is too short");	30	sp_log_auto("session", cfg->simulation, "Session ID is too short (sid=%zu min=%zu)", ZSTR_LEN(sid), (size_t)cfg->sid_min_length);
31	}	31	}
32	if (cfg->sid_max_length && ZSTR_LEN(sid) > cfg->sid_max_length) {	32	if (cfg->sid_max_length && ZSTR_LEN(sid) > cfg->sid_max_length) {
33	sp_log_auto("session", cfg->simulation, "Session ID is too long");	33	sp_log_auto("session", cfg->simulation, "Session ID is too long (sid=%zu max=%zu)", ZSTR_LEN(sid), (size_t)cfg->sid_max_length);
34	}	34	}
35	}	35	}
36	}	36	}


diff --git a/src/tests/sid_too_long.phpt b/src/tests/sid_too_long.phpt index 85f7fc2..5dd5a9f 100644 --- a/src/tests/sid_too_long.phpt +++ b/src/tests/sid_too_long.phpt
@@ -14,6 +14,6 @@ session_start();
14	echo strlen(session_id());	14	echo strlen(session_id());
15	?>	15	?>
16	--EXPECTF--	16	--EXPECTF--
17	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long in %a.php on line %d	17	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long (sid=33 max=32) in %a.php on line %d
18		18
19	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long in Unknown on line 0 \ No newline at end of file	19	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long (sid=33 max=32) in Unknown on line 0


diff --git a/src/tests/sid_too_short.phpt b/src/tests/sid_too_short.phpt index 3ebbc58..d4e02ba 100644 --- a/src/tests/sid_too_short.phpt +++ b/src/tests/sid_too_short.phpt
@@ -14,6 +14,6 @@ session_start();
14	echo strlen(session_id());	14	echo strlen(session_id());
15	?>	15	?>
16	--EXPECTF--	16	--EXPECTF--
17	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short in %a.php on line %d	17	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short (sid=3 min=10) in %a.php on line %d
18		18
19	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short in Unknown on line 0 \ No newline at end of file	19	Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short (sid=3 min=10) in Unknown on line 0