Hi, I wanted to control session hijacking so I thought if I can store the sessionId when the user gets authenticated and compare each page session id with the one that is stored in the db when the user gets authenticated.
1. I use session_start() in the authentication page when password is verified
2. I store sessionid using session_id() in the db
There is no problem until now.
3. I want to access sessionId (I used session_id() again) in another page to check with the entry in the db, but I could not get the sessionid; it returns nothing.
4. I tried to store a Session variable,
$_SESSION["query"] = $query; ($query has got gd content in it)
but this did not work, I mean, no value is stored in it... why?
Why is that? How could I counter this one?
Help with sessionId[SOLVED]
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
Last edited by raghavan20 on Fri Sep 09, 2005 4:09 am, edited 1 time in total.
- J_Iceman05
- Forum Commoner
- Posts: 72
- Joined: Wed Aug 03, 2005 10:52 am
- Location: Las Vegas, NV
I'm not sure if this will fix your problem, but if you are not using session_start() on other pages, that might cause PHP to lose track of the session variables. That has happened to me before, so I just added session_start() to the top of every page... I am no expert by anyone's description, but that might be your problem.
Hope it helps; if not, let me know... (adding to my knowledge is never a bad thing)
Good luck, and if it doesn't work I am sure someone else can help much more than I can.
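Added example, not part of any post in this thread: a sketch of the check described in the question, with session_start() running on every page as the reply above suggests. The auth_sessions table, the SQLite file path and the function names are assumptions made for illustration, and the id regeneration at login is an addition the thread does not mention.

```php
<?php
// Added example. Hypothetical names: auth_sessions table, SQLite file path, function names.
function db(): PDO {
    $pdo = new PDO('sqlite:' . sys_get_temp_dir() . '/auth_sessions_example.sqlite');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS auth_sessions
                (user_id INTEGER PRIMARY KEY, session_id TEXT NOT NULL)');
    return $pdo;
}

function ensure_session(): void {
    // Must run on every page before output; until it does, session_id()
    // returns '' and nothing written to $_SESSION is persisted.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Authentication page: call once the password has been verified.
function remember_session(int $userId): void {
    ensure_session();
    session_regenerate_id(true);            // issue a fresh id at login
    $_SESSION['user_id'] = $userId;
    $stmt = db()->prepare('REPLACE INTO auth_sessions (user_id, session_id) VALUES (?, ?)');
    $stmt->execute([$userId, session_id()]);
}

function deny(): void {
    $_SESSION = [];
    session_destroy();
    http_response_code(403);
    exit('Please log in again.');
}

// Every other page: call at the top, before any output.
function require_known_session(): int {
    ensure_session();
    $userId = $_SESSION['user_id'] ?? null;
    if (!is_int($userId)) {
        deny();
    }
    $stmt = db()->prepare('SELECT session_id FROM auth_sessions WHERE user_id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || !hash_equals($stored, session_id())) {
        deny();
    }
    return $userId;
}
```

A copied session cookie presents the same id and therefore passes this comparison; what the check rejects is an id the server did not record for that user.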
- raghavan20
- DevNet Resident
- Posts: 1451
- Joined: Sat Jun 11, 2005 6:57 am
- Location: London, UK
I think you need to be clear about what session hijacking is: http://en.wikipedia.org/wiki/Session_hijacking
It's an unauthorised third party taking over a session. This could have very serious consequences, e.g. credit card details stolen, orders changed etc.
Good to read http://shiflett.org/articles/the-truth-about-sessions
and
http://www.sitepoint.com/blogs/2004/03/ ... -security/