Turn off trans_sid in your php.ini so your site requires the use of cookies. I don't always like to do this, but I don't think it's out of the question.
This might be mentioned in the session security link that technobard posted, but you may want to save a unique key in the session that is made up with the user's user agent/etc... Maybe even run that string through md5() and compare that on each page.
eg:
PHP Code:
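// Use "." to concatenate strings; "+" is numeric addition in PHP.
$str = md5($_SERVER['HTTP_USER_AGENT'] . md5("foo string goes here"));
// Store the fingerprint in the session so later requests can be compared against it.
$_SESSION['MAGIC_STRING'] = $str;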
.. then check that var each time to ensure it's the same..
-r
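
The check described in the post above, written out end to end as an added example that is not part of the original post. `APP_SECRET` and the three function names are hypothetical, HMAC-SHA-256 with `hash_equals()` is used in place of the post's `md5()`, and plain arrays with constructed values stand in for `$_SESSION` and `$_SERVER` so it runs from the command line.

```php
<?php
// Added example, not the poster's code. APP_SECRET and the function names are hypothetical.
declare(strict_types=1);

const APP_SECRET = 'replace-with-a-long-random-server-side-value'; // placeholder

// Require cookies for the session id; never accept or emit it in URLs.
ini_set('session.use_trans_sid', '0');
ini_set('session.use_only_cookies', '1');

/** Fingerprint of the client, keyed with a server-side secret. */
function session_fingerprint(array $server): string
{
    $agent = $server['HTTP_USER_AGENT'] ?? '';
    return hash_hmac('sha256', $agent, APP_SECRET);
}

/** Call once after login: remember which client the session was issued to. */
function bind_session(array &$session, array $server): void
{
    $session['MAGIC_STRING'] = session_fingerprint($server);
}

/** Call on every page: true only if the stored value matches this request. */
function check_session(array $session, array $server): bool
{
    $stored = $session['MAGIC_STRING'] ?? null;
    return is_string($stored)
        && hash_equals($stored, session_fingerprint($server));
}

// Constructed sample requests standing in for $_SESSION and $_SERVER.
$session = [];
$login   = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0'];
$other   = ['HTTP_USER_AGENT' => 'curl/8.0'];

bind_session($session, $login);
var_dump(check_session($session, $login));  // same browser as at login
var_dump(check_session($session, $other));  // different user agent
var_dump(check_session([], $login));        // session that was never bound
```

When `check_session()` returns false, destroy the session and send the user back to the login page. The user agent is supplied by the client, so this check supplements cookie-only sessions and does not replace them.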