Help with sessionId[SOLVED]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Help with sessionId[SOLVED]

Post by raghavan20 »

Hi, I wanted to control session hijacking so I thought if I can store the sessionId when the user gets authenticated and compare each page session id with the one that stored in the db when user gets authenticated.

1. I use session_start() in the authentication page when password is verified
2. I store sessionid using session_id() in the db
there is no problem until now
3.I want to access sessionId(I used again session_id()) in other page to check with the entry in the db but I couldnot get the sessionid, it returns nothing.
4.I tried to store a Session variable,
$_SESSION["query"] = $query;($query has got gd content in it)
but this didnot work, i mean, no value is stored in it..why?

why is that? How cld I counter this one?
Last edited by raghavan20 on Fri Sep 09, 2005 4:09 am, edited 1 time in total.
User avatar
J_Iceman05
Forum Commoner
Posts: 72
Joined: Wed Aug 03, 2005 10:52 am
Location: Las Vegas, NV

Post by J_Iceman05 »

I'm not sure if this will fix your problem, but if you are not using session_start() on other pages, that might cause php to loose track of the session variables. that has happened to me before, so i just added session_start() to the top of every page... I am no expert by anyone's description, but that might be your problem.
hope it helps, if not let me know... (adding to my knowledge is never a bad thing)
good luck. and if it doesn't work i am sure someone else can help much more than i can.
User avatar
raghavan20
DevNet Resident
Posts: 1451
Joined: Sat Jun 11, 2005 6:57 am
Location: London, UK
Contact:

Post by raghavan20 »

thanks for replying iceman, that was a problem long time bk.
i did not use session_start in another page. php expects to use session_start in every page where you want to use session and their variables.
User avatar
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

I think you need to be clear about what session hijacking is: http://en.wikipedia.org/wiki/Session_hijacking

It's an unauthorised third party taking over a session. This could have very serious consequences, e.g. credit card details stolen, orders changed etc.

Good to read http://shiflett.org/articles/the-truth-about-sessions
and
http://www.sitepoint.com/blogs/2004/03/ ... -security/
Post Reply