php session security problem analysis

2020-05-09 18:16:47
OfStack

Therefore, our main solution is to verify the effectiveness of session ID.
The following is a quote:

 
<?php 
if(!isset($_SESSION['user_agent'])){ 
$_SESSION['user_agent'] =$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']; 
} 
/*  If the user session ID Was a fake  */ 
elseif ($_SESSION['user_agent'] != $_SERVER['REMOTE_ADDR'] .$_SERVER['HTTP_USER_AGENT']) { 
session_regenerate_id(); 
} 
?>

Source code analysis of CI framework security class Security. php
session logout problem in php
session in Laravel 5.4. 36 did not save a solution to the successful problem
Solution to the problem of phpmyadmin Cannot start session without errors
Security Analysis of Hash Cryptography in PHP