[nycphp-talk] preventing randomized session variable from changing when page is refreshed
Adrian Videnie
avidenie at gmail.com
Thu Aug 21 04:00:44 EDT 2008
Kristina Anderson wrote:
> $rand=rand(1,9);
> $session_id=$rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);
> $session_id.=substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);
> session_id($session_id);
> session_start();
>
> $_SESSION['sessionid'] = $session_id;
>
OH my God!
http://www.php.net/session
http://www.php.net/session_regenerate_id
Adrian
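
What the two manual pages linked in the reply amount to, as an added example that is not part of the original thread or written by either poster: PHP generates the session ID, the ID stays the same across page refreshes, and it is rotated only at login. The `initialized`, `user` and `sessionid` keys and the `on_login_success()` helper are hypothetical names chosen for illustration.

```php
<?php
// Added example, not code from the thread. Key names and the helper
// function below are illustrative assumptions.

// Cookie-only sessions, and refuse IDs the server did not issue itself.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');

// No session_id($value) call here: setting a freshly randomized ID on every
// request starts a new, empty session each time the page is refreshed, and
// an ID built from rand() and md5() of the client address is guessable.
session_start();

// First request of this session: rotate the ID once and mark the session,
// so later requests (including refreshes) skip this branch and keep the ID.
if (!isset($_SESSION['initialized'])) {
    session_regenerate_id(true);   // true = delete the old session data
    $_SESSION['initialized'] = true;
}

// Stable for the lifetime of the session, readable wherever it is needed.
$_SESSION['sessionid'] = session_id();

// Call after credentials have been verified. Rotating the ID when the
// privilege level changes means an ID seen before login is useless after it.
function on_login_success($username)
{
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['sessionid'] = session_id();
}
```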