
a question about sessions

Posted: Wed Dec 14, 2005 12:04 am
by itsmani1
Hello everyone.....


This is a general knowledge question!

For example, there is a page where you are using PHP sessions and the page has 20,000 users at the same time. What type of issues can a developer face? The basic purpose of this question is:

Is there anything that depends on your coding, or you can say the way you are handling your sessions?

Any type of answer, comment or question will be welcomed.


Thanks.
Abdul Mannan.

Posted: Wed Dec 14, 2005 1:03 am
by shiznatix
Each user is going to get a separate session ID, and that is going to be their session file on the server and will be unique. There are ways for a user to "steal" someone else's session, but I don't think it's possible for a PHP script to have a session ID collision.

Posted: Thu Dec 15, 2005 1:29 am
by itsmani1
Any guess or hint about stealing the session of someone else?

I mean, how can someone steal the session of another user?

Thanks.
Mannan.

Posted: Thu Dec 15, 2005 2:31 am
by php3ch0
You can steal a session cookie from the user's computer or the log on a proxy server. It would then be a case of moving this into the correct directory and using this cookie to access the website.

To make sure your sessions are secure, set the remote address in the cookie and check it using this code:

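Code:

<?php
session_start();

// Values that identify the client making the current request.
$session_vars = array($_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']);

// Store them only when the session is first created; overwriting them on
// every request would make the check below compare the request with itself.
if (!isset($_SESSION['valid'])) {
    $_SESSION['valid'] = $session_vars;
}

// Compare the stored values with the current request. They are read from
// $_SESSION because $session_vars is not visible inside the function.
function session_check()
{
    $stored = $_SESSION['valid'];
    if ($stored[0] != $_SERVER['REMOTE_ADDR'] || $stored[1] != $_SERVER['HTTP_USER_AGENT'])
    {
        echo('Go hack someone else');
        exit();
    }
}

session_check();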
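
Added example, not part of the thread or of any poster's code: a session bootstrap that goes beyond the check above by also restricting how the session cookie travels, issuing a fresh ID at login and expiring idle sessions. The function names, the 30-minute idle limit, the HTTPS assumption and the choice to bind to the User-Agent only are assumptions of this example.

```php
<?php
// Added example; all function names here are hypothetical.
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');  // refuse IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function fingerprint(array $server): string
{
    // Design choice of this example: User-Agent only, since a client's IP
    // can change during a legitimate session (mobile networks, proxies).
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

function on_login(array $server, string $userId): void
{
    session_regenerate_id(true);              // new ID; the old session is deleted
    $_SESSION['user']        = $userId;
    $_SESSION['fingerprint'] = fingerprint($server);
    $_SESSION['last_seen']   = time();
}

function session_is_valid(array $server, int $idleLimit = 1800): bool
{
    if (!isset($_SESSION['user'], $_SESSION['fingerprint'], $_SESSION['last_seen'])) {
        return false;                         // nobody has logged in on this session
    }
    if (!hash_equals($_SESSION['fingerprint'], fingerprint($server))) {
        return false;                         // cookie presented by a different client
    }
    if (time() - $_SESSION['last_seen'] > $idleLimit) {
        return false;                         // idle for too long
    }
    $_SESSION['last_seen'] = time();
    return true;
}

start_secure_session();
if (!session_is_valid($_SERVER)) {            // on failure, drop the session state
    session_unset();
    session_destroy();
}
```

Call on_login() only after the credentials have been verified, so the pre-login session ID is never carried into the authenticated session.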