[PHP] PHPSESSID Handling...
Hi Everyone, I'm working on securing my application, and am running into a slight issue that I cannot seem to find a fix for. If the attacker changes his PHPSESSID cookie to contain illegal characters, it causes an error on the screen upon session_start(). How can I check to see if this is a valid number, and if it is not, exit the application? -Dan Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHPSESSID Handling...
I'm working on securing my application, and am running into a slight issue that I cannot seem to find a fix for. If the attacker changes his PHPSESSID cookie to contain illegal characters, it causes an error on the screen upon session_start(). How can I check to see if this is a valid number, and if it is not, exit the application? if(ereg('[^0-9a-f]',$_REQUEST['PHPSESSID'])) { die(Error in session id); } ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php