PHP session_id(); question

  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8416
  • Loc: USA

Post 3+ Months Ago

When you set a session id VIA the session_id(); function, is there any tests you could set it through to make sure if the session id is in a valid format and things like that?
  • righteous_trespasser
  • Scuffle
  • Genius
  • User avatar
  • Posts: 6229
  • Loc: South-Africa

Post 3+ Months Ago

why don't you let php handle that itsself?
  • spork
  • Brewmaster
  • Silver Member
  • User avatar
  • Posts: 6254
  • Loc: Seattle, WA

Post 3+ Months Ago

Is there a reason you're trying to set the session ID manually instead of letting session_start() generate it?
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13504
  • Loc: Florida

Post 3+ Months Ago

If you're using the usual MD5 session id you can check that the length of the string is exactly 32 characters long and consists of only digits and the letters A-F.

Code: [ Select ]
// Simplify things
$my_session_id = strtolower($my_session_id);

// Determine length
$length = strlen($my_session_id);

// Determine length consisting of only valid MD5 characters
$masked_len = strspn($my_session_id, '1234567890abcdef');

if($length != 32 || $length != $masked_len)
{
// Invalid
// $my_session_id should be exactly 32 characters long
// $masked_len and $length should be the same since
// any invalid characters would result in $masked_len
// being shorter than $length
}
  1. // Simplify things
  2. $my_session_id = strtolower($my_session_id);
  3. // Determine length
  4. $length = strlen($my_session_id);
  5. // Determine length consisting of only valid MD5 characters
  6. $masked_len = strspn($my_session_id, '1234567890abcdef');
  7. if($length != 32 || $length != $masked_len)
  8. {
  9. // Invalid
  10. // $my_session_id should be exactly 32 characters long
  11. // $masked_len and $length should be the same since
  12. // any invalid characters would result in $masked_len
  13. // being shorter than $length
  14. }
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8416
  • Loc: USA

Post 3+ Months Ago

The reason for the checks is because sometimes, I need to do this to be able to travel from domain to sub-domain and vis-versa.

lol I forgot about strtolower(); and strtoupper();... I wrote my own functions for those :oops:

Thanks Joebert for that answer :)

Post Information

  • Total Posts in this topic: 5 posts
  • Users browsing this forum: No registered users and 45 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.