If you use siteaccess with dot (possibly other non-alphanumeric characters, too) in name, the session is not preserved between page loads. This breaks at least the Shop Basket.

This is due to eZ Publish using PHP4's implementation of session, where session name is restricted to alphanumeric characters only, as documented in http://pl.php.net/session_name

With default settings (as created by installation wizard), session name is generated from siteaccess name.

The attached patch attepts to fix the problem, by:

• translating all non-alphanumeric characters to underscore (_) in name of session
• appending MD5 hash of siteaccess to name of session, to deal with cases when siteaccesses names differ only in special characters.

Please, please, consider this patch, as the current limitation of valid characters can cause some major pain. There's no mechanics in place to inform developer that session name is invalid. This result in quarters or even hours of needless bughunt.

Steps to reproduce

• create an siteaccess with dot (.) in name
• in site.ini set SessionNameHandler to 'custom' and SessionNamePerSiteAccess to 'enabled' (those are default settings as set by setup wizard)
• in the siteaccess add a product to basket; the product is not being added as every load of page creates a new session
• you can observe the value of session cookie change after every page reload, every click on link