11 files changed, 42 insertions, 14 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c
index 33e177c5d..195104f39 100644
--- a/ext/session/mod_files.c
+++ b/ext/session/mod_files.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
@@ -121,7 +121,8 @@ static void ps_files_close(ps_files *data)
 static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 {
 	char buf[MAXPATHLEN];
-    struct stat sbuf;
+	struct stat sbuf;
+	int ret;
 
 	if (data->fd < 0 || !data->lastkey || strcmp(key, data->lastkey)) {
 		if (data->lastkey) {
@@ -164,7 +165,9 @@ static void ps_files_open(ps_files *data, const char *key TSRMLS_DC)
 				return;
 			}
 #endif
-			flock(data->fd, LOCK_EX);
+			do {
+				ret = flock(data->fd, LOCK_EX);
+			} while (ret == -1 && errno == EINTR);
 
 #ifdef F_SETFD
 # ifndef FD_CLOEXEC
@@ -218,7 +221,7 @@ static int ps_files_cleanup_dir(const char *dirname, int maxlifetime TSRMLS_DC)
 				/* NUL terminate it and */
 				buf[dirname_len + entry_len + 1] = '\0';
 
-				/* check whether its last access was more than maxlifet ago */
+				/* check whether its last access was more than maxlifetime ago */
 				if (VCWD_STAT(buf, &sbuf) == 0 &&
 						(now - sbuf.st_mtime) > maxlifetime) {
 					VCWD_UNLINK(buf);
diff --git a/ext/session/mod_files.h b/ext/session/mod_files.h
index d1d26cd39..1c3c2ca94 100644
--- a/ext/session/mod_files.h
+++ b/ext/session/mod_files.h
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/mod_files.sh b/ext/session/mod_files.sh
index 4fc4f20f7..75ac6a2fd 100644
--- a/ext/session/mod_files.sh
+++ b/ext/session/mod_files.sh
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/usr/bin/env bash
 
 if [[ "$2" = "" ]] || [[ "$3" = "" ]]; then
        echo "Usage: $0 BASE_DIRECTORY DEPTH HASH_BITS"
@@ -61,5 +61,5 @@ echo "Creating session path in $directory with a depth of $depth for session.has
 for i in $hash_chars; do
        newpath="$directory/$i"
        mkdir $newpath || exit 1
-       sh $0 $newpath `expr $depth - 1` $hashbits recurse
+       bash $0 $newpath `expr $depth - 1` $hashbits recurse
 done
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index 319f1d3c7..4303bc5a3 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/mod_mm.h b/ext/session/mod_mm.h
index cafbfa093..f7d3547db 100644
--- a/ext/session/mod_mm.h
+++ b/ext/session/mod_mm.h
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/mod_user.c b/ext/session/mod_user.c
index 5573d4cdf..237b16223 100644
--- a/ext/session/mod_user.c
+++ b/ext/session/mod_user.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/mod_user.h b/ext/session/mod_user.h
index b1f3688a2..cc6442cbb 100644
--- a/ext/session/mod_user.h
+++ b/ext/session/mod_user.h
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c
index 2cbe48234..4c24f8afc 100644
--- a/ext/session/mod_user_class.c
+++ b/ext/session/mod_user_class.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index b2866ad03..bd3b48a9c 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
diff --git a/ext/session/session.c b/ext/session/session.c
index d561c558b..dfe5a4db5 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2014 The PHP Group                                |
+   | Copyright (c) 1997-2015 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
@@ -2073,6 +2073,11 @@ static PHP_FUNCTION(session_decode)
 static PHP_FUNCTION(session_start)
 {
 	/* skipping check for non-zero args for performance reasons here ?*/
+	if (PS(id) && !strlen(PS(id))) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot start session with empty session ID");
+		RETURN_FALSE;
+	}
+
 	php_session_start(TSRMLS_C);
 
 	if (PS(session_status) != php_session_active) {
diff --git a/ext/session/tests/bug68063.phpt b/ext/session/tests/bug68063.phpt
new file mode 100644
index 000000000..d3da470d0
--- /dev/null
+++ b/ext/session/tests/bug68063.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #68063 (Empty session IDs do still start sessions)
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--INI--
+--FILE--
+<?php
+// Could also be set with a cookie like "PHPSESSID=; path=/"
+session_id('');
+
+// Will still start the session and return true
+var_dump(session_start());
+
+// Returns an empty string
+var_dump(session_id());
+?>
+--EXPECTF--
+Warning: session_start(): Cannot start session with empty session ID in %s on line %d
+bool(false)
+string(0) ""