From: [EMAIL PROTECTED]
Operating system: linux
PHP version: 4.0.4pl1
PHP Bug Type: Feature/Change Request
Bug description: session_start() session_resume() session_create()
WARNING: possible exploitation
When a client requests a PHPSESSID that doesn't exist on the server, session_start()
creates one with the same SID. In this manner the client could write a SID of his
choice, even a long one or a dangerous one. Or, more commonly, an HTTP cache somewhere
could send a previously used PHPSESSID that has since been closed.
If session_start() creates a (previously closed) PHP session with the same SID
specified by the client, some ugly effects could happen.
Please make a new function, session_resume(), that tries to resume a PHP session but
never creates a new one. Vice versa, session_create() should only be able to create one.
session_resume($sid): returns TRUE when the specified session exists and thus is
correctly resumed, FALSE otherwise.
session_create($sid): returns TRUE when a non-existent session is correctly created,
FALSE otherwise.
This way I could code like this:
// Look for a client-supplied session id in GET, POST, then cookie (PHP 4 superglobals).
if (isset($HTTP_GET_VARS['session_id'])) {
    $sid = $HTTP_GET_VARS['session_id'];
} else if (isset($HTTP_POST_VARS['session_id'])) {
    $sid = $HTTP_POST_VARS['session_id'];
} else if (isset($HTTP_COOKIE_VARS['session_id'])) {
    $sid = $HTTP_COOKIE_VARS['session_id'];
}
if (isset($sid)) { // the client requests to resume a session
    $ok = session_resume($sid);
    if (!$ok) {
        session_create(); // the requested session does not exist: create one with a NEW random sid
    }
} else {
    session_create(); // no sid supplied at all: create one with a NEW random sid
}
Alternatively, it would be nice if there were a new function, say session_nstart(), that
resumes an existing PHP session returning "resumed", and otherwise creates a new session
*with a different SID*, returning "new".
It is very important for me, thanks!
regards, siva
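The behaviour requested above (resume an existing session, otherwise create one under a fresh server-chosen ID, never under the client's) later became available in PHP itself through the session.use_strict_mode setting (PHP 5.5.2 and later): with it enabled, session_start() refuses an ID that has no initialised session behind it and issues a new one, which is what closes the session fixation hole the report describes. The following is an added example written for this page, not code from the bug report or from the PHP project; session_sid_is_well_formed() and session_nstart() are names chosen here, and the 32/4 fallback values for session.sid_length and session.sid_bits_per_character are an assumption for versions older than 7.1.

```php
<?php
// Added example (not from the bug report or PHP): the session_nstart()
// semantics requested above, built on session.use_strict_mode.
declare(strict_types=1);

/**
 * True only if $sid is shaped like an ID this server would issue.
 * Rejects over-long or otherwise "dangerous" IDs before the save handler
 * ever sees them. Bounds come from session.sid_length and
 * session.sid_bits_per_character (PHP 7.1+); the defaults 32 and 4 are
 * assumed as a fallback on older versions.
 */
function session_sid_is_well_formed(string $sid): bool
{
    $length = (int) (ini_get('session.sid_length') ?: 32);
    $bits   = (int) (ini_get('session.sid_bits_per_character') ?: 4);
    // Alphabets used by PHP for 4, 5 and 6 bits per character.
    $alphabets = [4 => '0-9a-f', 5 => '0-9a-v', 6 => '0-9a-zA-Z,-'];
    $alphabet  = $alphabets[$bits] ?? '0-9a-f';
    return (bool) preg_match('/\A[' . $alphabet . ']{' . $length . '}\z/', $sid);
}

/**
 * Resume the client's session if it exists, otherwise start a new one under
 * a server-generated ID. Returns "resumed" or "new", as the report asks.
 * Must be called before any output and before any other session_start().
 */
function session_nstart(): string
{
    // Refuse uninitialised IDs instead of creating a session under them.
    ini_set('session.use_strict_mode', '1');
    // Take the ID from the cookie only; never from GET/POST or URL rewriting,
    // so a link or cached page cannot plant an ID.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    $name      = session_name();
    $requested = $_COOKIE[$name] ?? null;

    if ($requested !== null && !session_sid_is_well_formed($requested)) {
        // Malformed: drop it so the save handler is never asked to look it
        // up. Assumes the stock session module reads the ID from $_COOKIE,
        // which it does in the reference implementation.
        unset($_COOKIE[$name]);
        $requested = null;
    }

    if (!session_start()) {
        throw new RuntimeException('session_start() failed');
    }

    // Under strict mode, a requested ID with no backing session is silently
    // replaced by a fresh one, so "resumed" holds only when the IDs match.
    if ($requested !== null && hash_equals($requested, session_id())) {
        return 'resumed';
    }
    return 'new';
}

// Usage: $state = session_nstart();  // "resumed" or "new"
```

The contrast with the behaviour the report complains about is the single setting: with session.use_strict_mode left at 0 (the only behaviour PHP 4 had), session_start() adopts whatever PHPSESSID the client sends. Even with strict mode on, call session_regenerate_id(true) at every privilege change (login, role switch) so an ID that an attacker learned before authentication is not the one that carries the authenticated session.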
--
Edit Bug report at: http://bugs.php.net/?id=9170&edit=1
--
PHP Development Mailing List <http://www.php.net/>