I just upgraded a client site to the latest release, and experienced the “Disallowed key characters” thing again. I’m writing down my fix in case someone experiences the same thing.
I am unsure of why this happens, but it seems that the cookie cleaning operations fails on some cookie values, even if they have nothing to do with your ExpressionEngine install.
Anyway, here is how I got it to work:
In my config.php, I set the cookie prefix:
$config['cookie_prefix'] = 'prefix'; // Obviously, not the one I actually use…Then, I opened up codeigniter/system/core/Input.php, and on line 459, changed:
foreach($_COOKIE as $key => $val)
{
$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}to
foreach($_COOKIE as $key => $val)
{
if (substr($key, 0 , 6) == 'prefix') // Check for the same cookie prefix, make sure the length (6) matches the prefix length
{
$_COOKIE[$this->_clean_input_keys($key)] = $this->_clean_input_data($val);
}
}This should force ExpressionEngine to only clean the cookies that are relevant for it, leaving any others alone.
If anyone has comments or improvements, I’m all ears.
(The first time I did this was minutes after the site launched a while ago, and none of the employees at the client could access the site. In my case at least, the problem seemed related to those that had accessed the site while it was being developed. Searching and hacking a live site was no fun.)
Best,
Pål