Re: Question about session_id() and session_start()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, May 20, 2013 at 4:14 PM, Tim Schofield <tim@xxxxxxxxxxxxxxxx> wrote:

> Matijn
>
> There are well over half a million lines of source code in PHP. It seems a
> little unhelpful to tell someone to go and read half a million lines of C
> when you could just tell them the answer?
>
> Thanks
> Tim
>
> Course View Towers,
> Plot 21 Yusuf Lule Road,
> Kampala
> T +256 (0) 312 314 418
> M +256 (0) 752 963 325
> www.weberpafrica.com
> Twitter: @TimSchofield2
> Blog: http://weberpafrica.blogspot.co.uk
> On May 20, 2013 6:24 PM, "Matijn Woudt" <tijnema@xxxxxxxxx> wrote:
>
> > On Mon, May 20, 2013 at 5:33 AM, 孟远涛 <yuantao.meng@xxxxxxxxx> wrote:
> >
> > > I find the Note in PHP document.
> > > http://www.php.net/manual/en/function.session-id.php
> > >
> > > "Note: When using session cookies, specifying an id for session_id()
> will
> > > always send a new cookie when session_start() is called, regardless if
> > the
> > > current session id is identical to the one being set."
> > >
> > > I feel puzzled about this feature. Even if the current session id is
> > > identical to the one one being set, session_start will send a new
> > cookie. I
> > > want to know why session_start behave in this way.
> > >
> > > Forgive my poor English. Thanks in advance.
> > >
> >
> > You will find the answer in the PHP source code.
> > If you don't want this to happen, check if the current session id matches
> > with the value you want to set it to, and don't set if they match.
> >
> > - Matijn
> >
>

I guess it would be to help prevent session hijacks like explained here

http://stackoverflow.com/questions/12233406/preventing-session-hijacking

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux