ID: 26119 Updated by: [EMAIL PROTECTED] Reported By: glattfahrservice at web dot de -Status: Open +Status: Bogus Bug Type: Session related Operating System: Windows XP Professional PHP Version: 4.3.4 New Comment:
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php The checks only validate the session id for special characters etc... You've come across the inherit vulnerability of URL session. Anyone can modify their value and should they stumble across a valid session id of another user become that user. Previous Comments: ------------------------------------------------------------------------ [2003-11-04 14:04:24] glattfahrservice at web dot de Description: ------------ Normally PHP is using some clever algorithms to provide for safe and unique SESSION-IDs. However, when a simple session-id is passed to the script in which session_start() is called, a session with the given ID is generated. e.g.: www.test.com/index.php&PHPSESSID=blabla should not be accepted and a new SESSION-ID should be generated for the session. BUT: this session-ID (blabla) is obviously valid and not rejected. Functionality is not impaired, but right now a visitor is able to "choose" his own session-id. Not very safe, right? I have disabled cookies and turned off trans-sid. Ciao, Dan. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=26119&edit=1
