
Help with sessionId [SOLVED]

Posted: Sun Jul 03, 2005 12:56 pm
by raghavan20
Hi, I wanted to control session hijacking, so I thought I could store the sessionId when the user gets authenticated and compare each page's session id with the one that is stored in the db when the user gets authenticated.

1. I use session_start() in the authentication page when the password is verified
2. I store the session id using session_id() in the db
There is no problem until now
3. I want to access the sessionId (I used session_id() again) in another page to check it against the entry in the db, but I could not get the session id; it returns nothing.
4. I tried to store a session variable,
$_SESSION["query"] = $query; ($query has got gd content in it)
but this did not work, I mean, no value is stored in it. Why?

Why is that? How could I counter this one?

Posted: Thu Sep 08, 2005 5:46 pm
by J_Iceman05
I'm not sure if this will fix your problem, but if you are not using session_start() on other pages, that might cause PHP to lose track of the session variables. That has happened to me before, so I just added session_start() to the top of every page... I am no expert by anyone's description, but that might be your problem.
Hope it helps, if not let me know... (adding to my knowledge is never a bad thing)
Good luck. And if it doesn't work I am sure someone else can help much more than I can.

Posted: Fri Sep 09, 2005 4:08 am
by raghavan20
Thanks for replying, iceman, that was a problem a long time back.
I did not use session_start in another page. PHP expects you to use session_start in every page where you want to use sessions and their variables.
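
The flow discussed above (record session_id() at login, call session_start() on every page, compare against the db), as an added example that is not part of the original thread. It goes one step beyond the thread by calling session_regenerate_id() at login; the SQLite file, the user_sessions table and the function names are assumptions made for illustration.

```php
<?php
// Added example. db(), login_session(), require_session() and the
// user_sessions table are hypothetical names, not from the thread.

function db(): PDO {
    $db = new PDO('sqlite:' . sys_get_temp_dir() . '/session_demo.sqlite');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS user_sessions (
                   user_id INTEGER PRIMARY KEY,
                   session_id TEXT NOT NULL)');
    return $db;
}

// Authentication page: call only after the password has been verified.
function login_session(PDO $db, int $userId): void {
    session_start();
    session_regenerate_id(true);   // issue a fresh id at login, delete the old session
    $_SESSION['user_id'] = $userId;
    // One row per user, so a new login replaces the previously recorded id.
    $stmt = $db->prepare('REPLACE INTO user_sessions (user_id, session_id) VALUES (?, ?)');
    $stmt->execute([$userId, session_id()]);
}

// Every other page: call at the very top, before any output is sent.
function require_session(PDO $db): int {
    session_start();   // without this, session_id() returns '' and $_SESSION is not loaded
    $userId = $_SESSION['user_id'] ?? null;
    if ($userId !== null) {
        $stmt = $db->prepare('SELECT session_id FROM user_sessions WHERE user_id = ?');
        $stmt->execute([$userId]);
        $stored = $stmt->fetchColumn();
        if (is_string($stored) && hash_equals($stored, session_id())) {
            return (int) $userId;   // id matches the one recorded at login
        }
    }
    // No session, or the id differs from the recorded one: drop it and refuse.
    $_SESSION = [];
    session_destroy();
    http_response_code(403);
    exit('Not authenticated');
}
```

The comparison gives one active session per user and a server-side way to revoke it. It does not by itself tell the legitimate browser apart from another client presenting the same session id, since both send the value that is stored in the db.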

Posted: Fri Sep 09, 2005 6:13 am
by patrikG
I think you need to be clear about what session hijacking is: http://en.wikipedia.org/wiki/Session_hijacking

It's an unauthorised third party taking over a session. This could have very serious consequences, e.g. credit card details stolen, orders changed etc.

Good to read http://shiflett.org/articles/the-truth-about-sessions
and
http://www.sitepoint.com/blogs/2004/03/ ... -security/