ID: 9170
Updated by: yohgaki
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Bogus
Bug Type: Feature/Change Request
Operating System: linux
PHP Version: 4.0.4pl1

New Comment:
I made this bogus, please ask why in php-general.

Previous Comments:
------------------------------------------------------------------------

[2001-02-08 04:23:13] [EMAIL PROTECTED]

WARNING: possible exploitation

When a client requests a PHPSESSID that doesn't exist on the server, session_start() creates one with the same SID. In this manner the client could write a SID of his choice, even a long one or a dangerous one. Or more commonly, an HTTP cache somewhere could send a previously used phpsessid that was already closed. If session_start() creates a (previously closed) phpsession with the same sid specified by the client, some ugly effects could happen.

Please make a new function, session_resume(), that tries to resume a phpsession but never creates a new one. Vice versa, session_create() should only be able to create.

session_resume($sid) : returns TRUE when the specified session exists and thus is correctly resumed, FALSE otherwise.

session_create($sid) : returns TRUE when a non-existent session is correctly created, FALSE otherwise.

In this manner I could code like this:

    // pick up the session id the client sent, if any
    if (isset($HTTP_GET_VARS['session_id'])) {
        $sid = $HTTP_GET_VARS['session_id'];
    } else if (isset($HTTP_POST_VARS['session_id'])) {
        $sid = $HTTP_POST_VARS['session_id'];
    } else if (isset($HTTP_COOKIE_VARS['session_id'])) {
        $sid = $HTTP_COOKIE_VARS['session_id'];
    }

    // session_resume() / session_create() are the proposed functions
    if (isset($sid)) {
        // the client requests to resume a session
        $ok = session_resume($sid);
        if (!$ok) {
            session_create(); // with a NEW random sid
        }
    } else {
        session_create();
    }

Alternatively, it would be nice if there were a new function, say session_nstart, that resumes an existing phpsession returning "resumed", and otherwise creates a new session *with a different sid*, returning "new".

It is very important for me, thanks!

regards, siva
------------------------------------------------------------------------

Edit this bug report at http://bugs.php.net/?id=9170&edit=1

-- 
PHP Development Mailing List <http://www.php.net/>
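The resume-or-create behaviour the report asks for (resume when the server knows the id, otherwise start a session under a server-generated id, never the client's), as an added example that is not code from the report or from PHP, written against later PHP session APIs. It assumes PHP 7 or newer with the default session settings, and the function name session_nstart() is taken from the report's proposal.

```php
<?php
// Added example: "resume if it exists, else create with a different sid".
// Assumes PHP >= 7 and default session.sid_length / sid_bits_per_character.

function session_nstart(): string
{
    // Refuse ids the server never issued; PHP then generates a fresh id
    // instead of creating a session under the client-supplied value.
    ini_set('session.use_strict_mode', '1');

    // Only take the id from the cookie, never from GET or POST parameters.
    ini_set('session.use_only_cookies', '1');

    // Defence in depth: drop an id whose shape is impossible for this
    // server before session_start() ever sees it (default sid alphabet).
    $name = session_name();
    if (isset($_COOKIE[$name])
        && !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $_COOKIE[$name])) {
        unset($_COOKIE[$name]);
    }

    session_start();

    // A marker set only by this code tells a resumed session apart from
    // one that session_start() just created for an unknown id.
    if (empty($_SESSION['__initiated'])) {
        // New session: replace the id so the live id is always one the
        // server chose, and discard the old record if one was written.
        session_regenerate_id(true);
        $_SESSION['__initiated'] = true;
        return 'new';
    }
    return 'resumed';
}

// Usage: call before any output, then branch on the result.
$state = session_nstart();
if ($state === 'new') {
    // first request of this session: nothing from the client is trusted yet
}
```

A session rejected by strict mode takes the 'new' path as well, so the id the client presented never becomes the live session id.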