seventheyejosh Posted September 16, 2009 Share Posted September 16, 2009 Is it possible to step into an active session on the server? like if person a's session id was 123 and persons b's was ABC, could person B do session_start('123'); (or something like that) and have access to everything that person a has in $_SESSION? Just curious. Link to comment https://forums.phpfreaks.com/topic/174498-step-into-session/ Share on other sites More sharing options...
MadTechie Posted September 16, 2009 Share Posted September 16, 2009 Person B could edit his cookie, PHPSESSION to another match another persons session ID each session ID is a hex of 32 characters, its called session hi-jacking Link to comment https://forums.phpfreaks.com/topic/174498-step-into-session/#findComment-919717 Share on other sites More sharing options...
seventheyejosh Posted September 16, 2009 Author Share Posted September 16, 2009 I was thinking for more of a help aspect. Like if user 'test' is having issues that cannot be reproduced, he can contact an admin, who can log in, switch sessions and see the error. Although, I guess session_encode(); can be called and the string can be sent along with the email, where it can be decoded and made active. There is nothing hidden that wouldn't be encoded right? Link to comment https://forums.phpfreaks.com/topic/174498-step-into-session/#findComment-919725 Share on other sites More sharing options...
MadTechie Posted September 16, 2009 Share Posted September 16, 2009 To check for errors I would normally just login as that person, and do what they did using the same platform and browser Link to comment https://forums.phpfreaks.com/topic/174498-step-into-session/#findComment-919730 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.