diff --git a/ChangeLog b/ChangeLog
index e4265d916..10f9b600b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $Source$
 
+2007-01-08 Marc Delisle  <lem9@users.sourceforge.net>
+    * libraries/session.inc.php: prevent attack on session name cookie
+
 2007-01-05 Marc Delisle  <lem9@users.sourceforge.net>
     * libraries/session.inc.php: bug #1538132, remove the setting of
       session.save_handler to 'files'
diff --git a/libraries/session.inc.php b/libraries/session.inc.php
index 781b4258f..f229131d2 100644
--- a/libraries/session.inc.php
+++ b/libraries/session.inc.php
@@ -77,7 +77,14 @@ if (version_compare(PHP_VERSION, '5.0.0', 'ge')
 // See bug #1538132. This would block normal behavior on a cluster
 //ini_set('session.save_handler', 'files');
 
-@session_name('phpMyAdmin');
+$session_name = 'phpMyAdmin';
+@session_name($session_name);
+// strictly, PHP 4 since 4.4.2 would not need a verification 
+if (version_compare(PHP_VERSION, '5.1.2', 'lt') 
+ && isset($_COOKIE[$session_name]) 
+ && eregi("\r|\n", $_COOKIE[$session_name])) {
+    die('attacked'); 
+}
 @session_start();
 
 /**