Delphi For PHP Forums       


Go Back   Delphi-PHP Forums > Programming > PHP - Security
How does the session id work? How does the session id work?
Forum Jump Register FAQ Members List Downloads Search Today's Posts Mark Forums Read

PHP - Security What's the best way to protect your PHP applications? Questions and answers should be posted here.

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 17th June 2009, 09:15
D4PHP User
  
Join Date: Dec 2008
Posts: 46
Holgerwa is on a distinguished road
Default How does the session id work?
If I start a session with session_start() and there was no session before, a new session id is created and from now on handed out to all pages that follow the current one (if I understand this correctly).

But doesn't that mean that any given page will take the session id that is handed to it and use it as a valid session?
In this case, an intruder could just pass any session id to a page and prevent it from creating a new session when it really should.

What am I missing? How does it really work?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 17th June 2009, 13:11
405hp's Avatar
Firebug Fanatic
  
Join Date: Dec 2007
Location: State of Confusion
Posts: 3,272
405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute405hp has a reputation beyond repute
Default
PHP: Introduction - Manual

Basically session is a temporary var array that is stored on the server and accessed via the session id returned from the client. If the id returned is invalid then the session wont exist on the server to continue.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 18th June 2009, 06:37
D4PHP User
  
Join Date: Dec 2008
Posts: 46
Holgerwa is on a distinguished road
Default
Thanks for your answer, it's getting clearer now... :-)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« BasicAutentication don't work at OVH.com | MySQL connection data in XML file »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT +1. The time now is 23:09.

Contact Us - Advertise - Delphi-PHP Blog - Archive - Top



Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.0 ©2009, Crawlability, Inc.
Copyright © 2004 - 2009, G&J Solutions Ltd. All Rights Reserved. terms of use