When the value of "session.sid_bits_per_character" changed, an error occurs when initializing a new instance of
Zend_Session_Namespace.
In Zend_Session::start(), the session ID is checked but before session_start() the value returned by session_id() is empty an pass the validation.
After session started, when you create an new instance of Zend_Session_Namespace, Zend_Session::start() is called again and now session_id() return the value from the cookie. If the ID is invalid, Zend_Session attempt to change it with Zend_Session::setId() and generate the error "The session has already been started" because session have previously started.
This is a problem when you migrate from older config to newer one because you cannot force a new browser session by deleting the session data from the server.
I think, checking session ID is not the role of Zend Framework but of PHP.
I suggest to remove this code portion from Zend_Session::start :
// Check to see if we've been passed an invalid session ID
if ( self::getId() && !self::_checkId(self::getId()) ) {
// Generate a valid, temporary replacement
self::setId(md5(self::getId()));
// Force a regenerate after session is started
self::$_regenerateIdState = -1;
}
When the value of "session.sid_bits_per_character" changed, an error occurs when initializing a new instance of Zend_Session_Namespace. In Zend_Session::start(), the session ID is checked but before session_start() the value returned by session_id() is empty an pass the validation. After session started, when you create an new instance of Zend_Session_Namespace, Zend_Session::start() is called again and now session_id() return the value from the cookie. If the ID is invalid, Zend_Session attempt to change it with Zend_Session::setId() and generate the error "The session has already been started" because session have previously started.
This is a problem when you migrate from older config to newer one because you cannot force a new browser session by deleting the session data from the server.
I think, checking session ID is not the role of Zend Framework but of PHP.
I suggest to remove this code portion from Zend_Session::start :