Session hijacking or attack?

Question

Lately I have seen this in my error log (1 per day, and I have 40k visitors per day):

[22-Sep-2009 21:13:52] PHP Warning: session_start() [function.session-s         


        

Answer 1

By best guess is someone has a bad session id in their session cookie and is causing the error.

I can't see how anyone would use an invalid session id for session hijacking.

If you want to reproduce the error: