--- embedaddon/php/ext/session/session.c	2013/10/14 08:02:30	1.1.1.4
+++ embedaddon/php/ext/session/session.c	2014/06/15 20:03:55	1.1.1.5
@@ -2,7 +2,7 @@
    +----------------------------------------------------------------------+
    | PHP Version 5                                                        |
    +----------------------------------------------------------------------+
-   | Copyright (c) 1997-2013 The PHP Group                                |
+   | Copyright (c) 1997-2014 The PHP Group                                |
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.01 of the PHP license,      |
    | that is bundled with this package in the file LICENSE, and is        |
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.1.1.4 2013/10/14 08:02:30 misho Exp $ */
+/* $Id: session.c,v 1.1.1.5 2014/06/15 20:03:55 misho Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -618,11 +618,10 @@ static PHP_INI_MH(OnUpdateSaveDir) /* {{{ */
 static PHP_INI_MH(OnUpdateName) /* {{{ */
 {
 	/* Numeric session.name won't work at all */
-	if (PG(modules_activated) &&
-		(!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
+	if ((!new_value_length || is_numeric_string(new_value, new_value_length, NULL, NULL, 0))) {
 		int err_type;
 
-		if (stage == ZEND_INI_STAGE_RUNTIME) {
+		if (stage == ZEND_INI_STAGE_RUNTIME || stage == ZEND_INI_STAGE_ACTIVATE || stage == ZEND_INI_STAGE_STARTUP) {
 			err_type = E_WARNING;
 		} else {
 			err_type = E_ERROR;
@@ -1184,6 +1183,49 @@ static int php_session_cache_limiter(TSRMLS_D) /* {{{ 
 #define COOKIE_SECURE	"; secure"
 #define COOKIE_HTTPONLY	"; HttpOnly"
 
+/*
+ * Remove already sent session ID cookie.
+ * It must be directly removed from SG(sapi_header) because sapi_add_header_ex()
+ * removes all of matching cookie. i.e. It deletes all of Set-Cookie headers.
+ */
+static void php_session_remove_cookie(TSRMLS_D) {
+	sapi_header_struct *header;
+	zend_llist *l = &SG(sapi_headers).headers;
+	zend_llist_element *next;
+	zend_llist_element *current;
+	char *session_cookie, *e_session_name;
+	int session_cookie_len, len = sizeof("Set-Cookie")-1;
+
+	e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);
+	spprintf(&session_cookie, 0, "Set-Cookie: %s=", e_session_name);
+	efree(e_session_name);
+
+	session_cookie_len = strlen(session_cookie);
+	current = l->head;
+	while (current) {
+		header = (sapi_header_struct *)(current->data);
+		next = current->next;
+		if (header->header_len > len && header->header[len] == ':'
+			&& !strncmp(header->header, session_cookie, session_cookie_len)) {
+			if (current->prev) {
+				current->prev->next = next;
+			} else {
+				l->head = next;
+			}
+			if (next) {
+				next->prev = current->prev;
+			} else {
+				l->tail = current->prev;
+			}
+			sapi_free_header(header);
+			efree(current);
+			--l->count;
+		}
+		current = next;
+	}
+	efree(session_cookie);
+}
+
 static void php_session_send_cookie(TSRMLS_D) /* {{{ */
 {
 	smart_str ncookie = {0};
@@ -1249,8 +1291,7 @@ static void php_session_send_cookie(TSRMLS_D) /* {{{ *
 
 	smart_str_0(&ncookie);
 
-	/*	'replace' must be 0 here, else a previous Set-Cookie
-		header, probably sent with setcookie() will be replaced! */
+	php_session_remove_cookie(TSRMLS_C); /* remove already sent session ID cookie */
 	sapi_add_header_ex(ncookie.c, ncookie.len, 0, 0 TSRMLS_CC);
 }
 /* }}} */