Re: [PHP] Cookies.

Tue, 30 Aug 2005 05:29:45 -0700 

Dear Jasper,
I think the session hash function is set to 32, and MD5 is selected, as the following lines of code show: 
----------------------------------------------------------
function Session($sessionName="SESSID") {
       $this->sendNoCacheHeader();

       //  Session-Namen setzen, Session initialisieren
       session_name(isset($sessionName)
           ? $sessionName
           : session_name());

       @session_start();

       //  Prüen ob die Session-ID die Standardlänge
       //  von 32 Zeichen hat,
       //  ansonsten Session-ID neu setzen
       if (strlen(session_id()) != 32)
           {
               mt_srand ((double)microtime()*1000000);
               session_id(md5(uniqid(mt_rand())));
           }
----------------------------------------------------------
The sentence die($_COOKIE[session_name()]), when executed, shows this value: 211b78tfl8umggkdh1ak7jrbf3 (a string of 26 characters long). 

Thank you very much, again!
Nancy.
----- Original Message ----- From: "Jasper Bryant-Greene" <[EMAIL PROTECTED]> 
To: "php" <php-general@lists.php.net>
Sent: Tuesday, August 30, 2005 8:48 AM
Subject: Re: [PHP] Cookies.



Nancy Ferracutti Kincaide wrote:
I am trying to install a web application that tests if cookies are enabled the following way: 

 $this->usesCookies =
                   (isset($_COOKIE[session_name()]) &&
                    @strlen($_COOKIE[session_name()])
                    == 32);
As it gives as a result, that cookies are NOT ENABLED, I can't go on with the SETUP phase.
The responsible of the FALSE result, in the sentence above, is the LENGTH of the string $_COOKIE[session_name()]. Its actual value is 26 instead of 32, as expected. ¿Could anyone tell me if that LENGTH should be 32? ¿Is this value mandatory to admit that cookies are enabled?
That would depend on what the session hash function was set to. Normally it should be 32 or 40 depending on whether MD5 or SHA1 was selected.
Just the fact that $_COOKIE[session_name()] is set would indicate that cookies are enabled, but the application may be performing some sort of sanity check, which is obviously failing...
Put a die($_COOKIE[session_name()]); just before that line, and tell us what it shows. 

--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to