Re: [phplib] Valid Session ID
From: Maurice Jumelet (maurice <email protected>)
Date: 10/02/00

you probably can't.

the session id is created by something like:
$id = md5(uniqid("SOME_HASH_YOU_PROVIDED"));

there is no way to test if the $id is correct, there is no real need to, the
only thing that has to be done is to check if the session id is not already
in the active_sessions table (if it's a new session of course). If some user
supplies you with a session id=2, that should not be a problem. The reason
the session id is so difficult is because it should be hard to guess. If
someone could guess the session id he could take over the session.

Maurice

----- Original Message -----
From: "Lars Heuer" <heuer <email protected>>
To: "PHPLIB-Mailinglist" <phplib <email protected>>
Sent: Sunday, October 01, 2000 12:05 AM
Subject: [phplib] Valid Session ID

> Hi!
>
> How can I check if a session id is valid or not? If a user sets a
> session id like session=2, PHPLib accepts this id (see table
> "active_sessions"). I think it's not enough to check if the id has a
> length of 32 chars.
>
> Regards
> lars
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>
>
>

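
The check discussed in this thread, as an added example that is not part of the original messages and is not PHPLIB's code: it goes one step further than the reply and treats a client-supplied ID as valid only if the server already holds it, replacing anything else with a fresh random ID. The `$activeSessions` array (standing in for the `active_sessions` table), the function names, and the use of `random_bytes()` instead of `md5(uniqid())` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the active_sessions table: sid => session data.
// Constructed sample row; a real deployment would query the database instead.
$activeSessions = [
    '0123456789abcdef0123456789abcdef' => ['user' => 'alice'],
];

/** Issue a fresh 128-bit ID (32 hex chars), retrying if it is already in use. */
function new_session_id(array $active): string
{
    do {
        $sid = bin2hex(random_bytes(16));   // CSPRNG output, hard to guess
    } while (isset($active[$sid]));          // the "not already in the table" check
    return $sid;
}

/**
 * Return the session ID to use for this request.
 * A client-supplied ID counts as valid only if the server issued it earlier,
 * i.e. it is well-formed AND present in the store. Anything else is replaced.
 */
function resolve_session_id(?string $supplied, array &$active): string
{
    if ($supplied !== null
        && preg_match('/\A[0-9a-f]{32}\z/', $supplied) === 1
        && isset($active[$supplied])) {
        return $supplied;                    // known session: resume it
    }
    $sid = new_session_id($active);          // unknown or malformed: do not adopt it
    $active[$sid] = [];                      // register the newly issued session
    return $sid;
}

// Constructed inputs: the "session=2" case from the question, a well-formed
// but unknown 32-char ID, and the one ID the store actually holds.
foreach (['2', str_repeat('a', 32), '0123456789abcdef0123456789abcdef'] as $in) {
    $out = resolve_session_id($in, $activeSessions);
    printf("%-34s -> %s\n", $in, $out === $in ? 'resumed' : "replaced by $out");
}
```

The second input shows why a length or format test alone does not establish validity: it passes the 32-character pattern but is still replaced because the server never issued it.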