Why do I get the same session ID with "?PHPSESSID=1234" and "?PHPSESSID=5678"?
Book PHP, MySQL & Javascript (Author Robin Nixon)
page 294
Section Preventing session fixation
Example 13-9. A session susceptible to session fixation
<?php // sessiontest.php
session_start();
if (!isset($_SESSION['count'])) $_SESSION['count'] = 0;
else ++$_SESSION['count'];
echo $_SESSION['count'];
?>
The book says that using the URL http://myserver.com/...?PHPSESSID=1234 and
the URL http://myserver.com/...?PHPSESSID=5678
will generate two different sessions.
When I test it, it looks like the count number always increases. It seems that I get the same session.
So I added the following lines to test it again:
$ses_id = session_id();
echo "session id: ".$ses_id.'<br />';
I get the results below:
---------------------------------------------------------
session id: ifbck2u7oghe82mmbin64ikn66
10
-------------------------------------------------------
<?php // sessiontest.php
session_start();
$ses_id = session_id();
echo "session id: ".$ses_id.'<br />';
if (!isset($_SESSION['count'])) $_SESSION['count'] = 0;
else ++$_SESSION['count'];
echo $_SESSION['count'];
?>
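Added example, not part of the original post or the book: a variant of the test script that prints the ID passed in the URL next to the ID PHP actually uses, together with the settings that decide whether a URL-supplied ID is accepted. When session.use_only_cookies is 1, PHP takes the session ID from the cookie only and ignores ?PHPSESSID=..., so both URLs reach the same session. The file name sessioncheck.php and the 'initiated' key are assumptions made for this example.

```php
<?php // sessioncheck.php (hypothetical file name, added example)
// Hardening settings; these must be applied before session_start().
ini_set('session.use_strict_mode', '1'); // discard IDs the server did not issue
ini_set('session.cookie_httponly', '1'); // keep the cookie away from scripts

session_start();

// Issue a fresh ID the first time a session is used, so an ID that was
// planted before the visit does not stay attached to the session data.
if (!isset($_SESSION['initiated'])) {
    session_regenerate_id(true);
    $_SESSION['initiated'] = true;
}

if (!isset($_SESSION['count'])) $_SESSION['count'] = 0;
else ++$_SESSION['count'];

// Compare what the URL asked for with what PHP is really using.
$fromUrl = isset($_GET['PHPSESSID']) ? $_GET['PHPSESSID'] : '(none)';
echo 'ID in URL: ' . htmlspecialchars($fromUrl) . '<br />';
echo 'ID in use: ' . htmlspecialchars(session_id()) . '<br />';

// Report the settings that control where the ID may come from.
$settings = [
    'session.use_only_cookies', // 1 = accept the ID from the cookie only
    'session.use_trans_sid',    // 0 = never write the ID into URLs
    'session.use_strict_mode',  // 1 = reject IDs not created by the server
];
foreach ($settings as $name) {
    echo $name . ' = ' . htmlspecialchars((string) ini_get($name)) . '<br />';
}

echo 'count: ' . $_SESSION['count'];
?>
```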