[Solved] Sessions and shared hosts?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

[Solved] Sessions and shared hosts?

Post by alex.barylski »

I've stumbled across a problem with my current session class design...

I need to be able to determine whether the session ID stored in cookies or propagated in the URL actually refers to a valid session...

I cannot find a function in the session library which does this...

However I can get the ID of the session and the path where the sessions are stored...

Assuming I can always follow the convention:

Code: Select all

$path/[b]sess_[/b]$sessionid
Where sess_ seems to be the convention used on my local computer...

On a shared host, can I just do something like:

Code: Select all

$path = session_save_path();
$sess = session_id();
echo file_exists("$path/sess_$sess");
Can I safely use the following to detect (on a shared host) whether the session actually exists???

Does SAFE MODE have any effect on me performing this lookup?

Cheers :)
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Looks like I found my answer :(

http://phpsec.org/projects/guide/5.html
Post Reply