The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,'

Question

How to solve :

Warning: session_start() [function.session-start]: The session id is too long or contains illegal characters, valid characters are a-z, A-

Answer 1

It is an information vulnerability: a malicious attacker may alter the cookies and assign illegal characters to PHPSESSID to expose this PHP warning, which in fact contains juicy information like the file path and the username!