PHP session security problem analysis
- 2020-05-09 18:16:47
- OfStack
Therefore, our main solution is to verify the validity of the session ID.
The following is a quote:
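<?php
// The session must be started before $_SESSION can be read or written.
session_start();
$fingerprint = $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'];
if (!isset($_SESSION['user_agent'])) {
    // First request in this session: remember the client's IP address and User-Agent.
    $_SESSION['user_agent'] = $fingerprint;
}
/* If the user's session ID was a fake */
elseif ($_SESSION['user_agent'] != $fingerprint) {
    // Discard the stored data so the mismatching client does not inherit it,
    // then issue a new ID and delete the old session.
    $_SESSION = array();
    session_regenerate_id(true);
}
?>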
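A fuller version of the same check, as an added example that is not code from the original page: the fingerprint is stored as a SHA-256 hash, compared with hash_equals(), and a mismatch empties the session before a new ID is issued. The function names, the 'fingerprint' key and the sample addresses and User-Agent strings are assumptions constructed for the example.

```php
<?php
// Added example (not from the original page). All names are hypothetical.

// Build the value the session is bound to: client IP plus User-Agent,
// hashed so the raw header is not kept in session storage.
function client_fingerprint(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return hash('sha256', $ip . "\n" . $ua);
}

// Returns true when the request matches the client the session was bound to.
// The first request of a session records the binding.
function session_binding_ok(array &$session, array $server): bool
{
    $current = client_fingerprint($server);
    if (!isset($session['fingerprint'])) {
        $session['fingerprint'] = $current;
        return true;
    }
    return hash_equals($session['fingerprint'], $current);
}

// Web entry point: call once at the top of every page that uses the session.
function enforce_session_binding(): void
{
    session_start();
    if (!session_binding_ok($_SESSION, $_SERVER)) {
        $_SESSION = [];                 // drop the previous owner's data
        session_regenerate_id(true);    // new ID, old session file deleted
        $_SESSION['fingerprint'] = client_fingerprint($_SERVER);
    }
}

// Offline demonstration with constructed request data (documentation IP ranges).
if (PHP_SAPI === 'cli') {
    $session = [];
    $owner = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Mozilla/5.0 (constructed)'];
    $other = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'curl/8.0 (constructed)'];
    var_dump(session_binding_ok($session, $owner)); // first request binds the session
    var_dump(session_binding_ok($session, $owner)); // same client again
    var_dump(session_binding_ok($session, $other)); // same session ID, different client
}
```

Because REMOTE_ADDR can change for a legitimate user (mobile networks, proxies) and the User-Agent header is supplied by the client, this binding is one additional check and does not replace regenerating the ID at login and restricting the session cookie.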