Page 1 of 1

[Solved] Sessions and shared hosts?

Posted: Sun May 14, 2006 2:08 pm
by alex.barylski
I've stumbled across a problem with my current session class design...

I need to be able to determine whether the session ID stored in cookies or propagated in the URL actually refers to a valid session...

I cannot find a function in the session library which does this...

However I can get the ID of the session and the path where the sessions are stored...

Assuming I can always follow the convention:

Code: Select all

$path/[b]sess_[/b]$sessionid
Where sess_ seems to be the convention used on my local computer...

On a shared host, can I just do something like:

Code: Select all

$path = session_save_path();
$sess = session_id();
echo file_exists("$path/sess_$sess");
Can I safely use the following to detect (on a shared host) whether the session actually exists???

Does SAFE MODE have any effect on me performing this lookup?

Cheers :)

Posted: Sun May 14, 2006 2:17 pm
by alex.barylski
Looks like I found my answer :(

http://phpsec.org/projects/guide/5.html