PHP session_id(); question

  • Bogey

Post December 27th, 2008, 5:28 pm

When you set a session id via the session_id(); function, are there any tests you could set it through to make sure the session id is in a valid format and things like that?
"Bring forth therefore fruits meet for repentance:" Matthew 3:8
  • righteous_trespasser

Post January 5th, 2009, 11:59 pm

Why don't you let PHP handle that itself?
Let's leave all our *plum* where it is and go live in the jungle ...
  • spork

Post January 6th, 2009, 12:07 am

Is there a reason you're trying to set the session ID manually instead of letting session_start() generate it?
The Beer Monocle. Classy.
  • joebert

Post January 6th, 2009, 10:51 pm

If you're using the usual MD5 session id you can check that the length of the string is exactly 32 characters long and consists of only digits and the letters A-F.

Code:
// Simplify things
$my_session_id = strtolower($my_session_id);

// Determine length
$length = strlen($my_session_id);

// Determine length consisting of only valid MD5 characters
$masked_len = strspn($my_session_id, '1234567890abcdef');

if($length != 32 || $length != $masked_len)
{
    // Invalid
    // $my_session_id should be exactly 32 characters long
    // $masked_len and $length should be the same since
    // any invalid characters would result in $masked_len
    // being shorter than $length
}
Strong with this one, the sudo is.
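
An added example, not part of any post in this thread: the 32-hex-digit check from the post above wrapped in a function, used to gate a caller-supplied ID before it reaches session_id(), with the ID regenerated afterwards so an externally supplied value is not kept (session fixation). The function names and the sample values are assumptions made for illustration.

```php
<?php
// Added example (not from the thread). Function names are assumptions.

// True if $id has the shape of PHP's usual MD5 session id: 32 hex digits.
function is_md5_session_id($id): bool
{
    // \A and \z anchor the whole string; a plain $ would also accept
    // a value ending in "\n".
    return is_string($id) && preg_match('/\A[0-9a-f]{32}\z/i', $id) === 1;
}

// Start a session, adopting $candidate only if it passes the format check.
// Returns true when the supplied id passed the check and was handed to PHP.
function start_session_with_id($candidate): bool
{
    // Strict mode (PHP 5.5.2+): an id the server never issued is replaced.
    ini_set('session.use_strict_mode', '1');

    $adopted = is_md5_session_id($candidate);
    if ($adopted) {
        session_id(strtolower($candidate));
    }
    session_start();

    if ($adopted) {
        // The id was supplied by the caller, so issue a fresh one and
        // delete the old session record to limit session fixation.
        session_regenerate_id(true);
    }
    return $adopted;
}

// Constructed sample values, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        '0123456789abcdef0123456789abcdef',   // valid
        '0123456789ABCDEF0123456789ABCDEF',   // valid, upper case
        '0123456789abcdef0123456789abcde',    // 31 characters
        "0123456789abcdef0123456789abcdef\n", // trailing newline
        '../../tmp/sess_0123456789abcdef01',  // path characters
        ['not', 'a', 'string'],               // e.g. ?sid[]=x
    ];
    foreach ($samples as $s) {
        echo json_encode($s), ' => ', is_md5_session_id($s) ? 'ok' : 'rejected', "\n";
    }
}
```

On PHP 7.1 and later the ID length and alphabet follow session.sid_length and session.sid_bits_per_character, so the pattern has to match whatever those are set to.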
  • Bogey

Post January 7th, 2009, 5:23 pm

The reason for the checks is because sometimes, I need to do this to be able to travel from domain to sub-domain and vice versa.

lol I forgot about strtolower(); and strtoupper();... I wrote my own functions for those :oops:

Thanks Joebert for that answer :)
"Bring forth therefore fruits meet for repentance:" Matthew 3:8

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.