Hello, I am writing this to warn you and because I haven't selected yet witch solution to choose , so your opinion is more than welcomed.
The problem: in some version of iPhone / iPad software the cookies aren't separated by “;” but by comma and doubled. The first fatal to that is
exception '_Exception_FatalError' with message 'session_start(): The session id is too long or contains illegal characters
The cookie that caused was “PHPSESSID=ea4fee7dcf4446d5cd61aabab13a0df2,PHPSESSID=ea4fee7dcf4446d5cd61aabab13a0df2”
PHP parses that like PHPSESSID is “ea4fee7dcf4446d5cd61aabab13a0df2,PHPSESSID=ea4fee7dcf4446d5cd61aabab13a0df” that of course is illegal.
The problem occurs in these devices + software (with * is all that have problem and (something|something) is if it has two values from the HTTP_USER_AGENT
Mozilla/5.0 ( (iPhone|iPad); CPU * like Mac OS X) AppleWebKit/* (KHTML, like Gecko) GSA/8.0.* * Safari/*
As you saw I catch catchable fatal errors , so the first option is that , in the core of the framework to check if there is a an Exception_FatalError that contains that message and if it is re parse HTTP_COOKIE header comma seperated and retry.
The second option is to do that before session_start , (notice that if you alternate $_SERVER[“HTTP_COOKIE”] PHP want rely on that for the session id) , that means an extra if ( HTTP_COOKIE contains comma) and ... that even if cookies with comma as value are valid , this cause an exception generated by fatal error.
The third choice is to act as I didn't understood that. I am sure that everyone that has a iPhone or iPad with such a problem already know that has problem accessing mobile web applications. In few years, there will not be as many.
As I wrote I posted this to warn you but also to read your opinions on how to resolve it (or not) .