[PHP] PHPSESSID Handling...

2003-04-01 Thread Dan Joseph
Hi Everyone,

I'm working on securing my application, and am running into a slight issue
that I cannot seem to find a fix for. If the attacker changes his PHPSESSID
cookie to contain illegal characters, it causes an error on the screen upon
session_start().

How can I check to see if this is a valid number, and if it is not, exit the
application?

-Dan Joseph


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] PHPSESSID Handling...

2003-04-01 Thread John W. Holmes
> I'm working on securing my application, and am running into a slight issue
> that I cannot seem to find a fix for. If the attacker changes his PHPSESSID
> cookie to contain illegal characters, it causes an error on the screen upon
> session_start().
>
> How can I check to see if this is a valid number, and if it is not, exit the
> application?

// preg_match() stands in for ereg(), which was removed in PHP 7
if(preg_match('/[^0-9a-f]/',$_REQUEST['PHPSESSID']))
{ die('Error in session id'); }

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
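
An added example, not part of the original thread: the same check extended to reject non-string values, over-long or too-short ids, and a trailing newline, run before session_start(). The function name, the sample inputs and the length bounds (22 to 256, the range PHP 7.1+ allows for session.sid_length) are assumptions; set $bitsPerChar to match session.sid_bits_per_character on your server.

```php
<?php
// Added example; function name and sample values are constructed for illustration.

/**
 * True if $id is a string made only of characters PHP uses for session ids.
 * $bitsPerChar mirrors the session.sid_bits_per_character ini setting.
 */
function session_id_is_well_formed($id, int $bitsPerChar = 4, int $minLen = 22, int $maxLen = 256): bool
{
    // A request sending PHPSESSID[]=x yields an array, not a string.
    if (!is_string($id)) {
        return false;
    }
    $alphabets = [4 => '0-9a-f', 5 => '0-9a-v', 6 => '0-9a-zA-Z,-'];
    if (!isset($alphabets[$bitsPerChar])) {
        return false;
    }
    // \A and \z anchor the whole value; unlike $, \z rejects a trailing newline.
    $pattern = '/\A[' . $alphabets[$bitsPerChar] . ']{' . $minLen . ',' . $maxLen . '}\z/';
    return preg_match($pattern, $id) === 1;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs standing in for a tampered PHPSESSID value.
    $samples = [
        'valid hex id'     => str_repeat('0a1b2c3d', 4),
        'illegal chars'    => 'bad id with spaces & symbols!!',
        'trailing newline' => str_repeat('f', 32) . "\n",
        'too short'        => 'abc123',
        'array value'      => ['x'],
    ];
    foreach ($samples as $label => $value) {
        printf("%-17s %s\n", $label, session_id_is_well_formed($value) ? 'accept' : 'reject');
    }
} else {
    // Web request: check every source the id can arrive from before session_start().
    $name = session_name();
    foreach ([$_COOKIE, $_GET, $_POST] as $source) {
        if (isset($source[$name]) && !session_id_is_well_formed($source[$name])) {
            http_response_code(400);
            exit('Error in session id');
        }
    }
    session_start();
}
```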
