seventheyejosh Posted September 16, 2009 Share Posted September 16, 2009 Is it possible to step into an active session on the server? like if person a's session id was 123 and persons b's was ABC, could person B do session_start('123'); (or something like that) and have access to everything that person a has in $_SESSION? Just curious. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 16, 2009 Share Posted September 16, 2009 Person B could edit his cookie, PHPSESSION to another match another persons session ID each session ID is a hex of 32 characters, its called session hi-jacking Quote Link to comment Share on other sites More sharing options...
seventheyejosh Posted September 16, 2009 Author Share Posted September 16, 2009 I was thinking for more of a help aspect. Like if user 'test' is having issues that cannot be reproduced, he can contact an admin, who can log in, switch sessions and see the error. Although, I guess session_encode(); can be called and the string can be sent along with the email, where it can be decoded and made active. There is nothing hidden that wouldn't be encoded right? Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 16, 2009 Share Posted September 16, 2009 To check for errors I would normally just login as that person, and do what they did using the same platform and browser Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.