mancroft Posted June 21, 2006 Share Posted June 21, 2006 Occasional session problemHelloI have done a logger: thelogger.php. This usually works OK BUT sometimes a user lands on the site, sets the session ID as 4re3ccc...etc and then goes to another file and a new session ID xc3zkf...etc gets set.The user agent appears to be a standard browser e.g.Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)and not a crawler.Any idea as to the cause and solution?Thank you.Here is the code at the top of the logger file. This file is accessed at the top of every php file by using:[code]<?php include("thelogger.php"); ?>[/code]The GetTheId() function is used to get the session ID when putting it into the database.[code]<?php session_start();header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");header("Cache-Control: no-store, no-cache, must-revalidate");header("Cache-Control: post-check=0, pre-check=0", false);header("Pragma: no-cache"); function GetTheId(){ if(isset($_COOKIE["theId"])){return $_COOKIE["theId"];} else{session_start();setcookie("theId", session_id(), time() + 36000, "/", "",0);return session_id();}}[/code] Quote Link to comment https://forums.phpfreaks.com/topic/12550-occasional-session-problem/ Share on other sites More sharing options...
wildteen88 Posted June 21, 2006 Share Posted June 21, 2006 You say the user is changing the session id! If the user can change the session id then it looks like you script has a major security flaw!! Quote Link to comment https://forums.phpfreaks.com/topic/12550-occasional-session-problem/#findComment-48085 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.