[Phplib-trackers] [ phplib-Bugs-493429 ] Double SessionID
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-trackers] [ phplib-Bugs-493429 ] Double SessionID
|
From: <no...@so...> - 2001-12-14 19:47:50
|
Bugs item #493429, was opened at 2001-12-14 11:47 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=493429&group_id=31885 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Double SessionID Initial Comment: I found a Problem during Generating a SessionID. When the ID exists in the table active_sessions someone gets your auth data. I'm using the Container Class ct_sql and I fixed this as following: File session.inc function get_id: if ( "" == $id ) { $newid=true; while (!$id = $this->that->ac_newid(md5(uniqid($this- >magic)), $this->name)){ $id = $this->that->ac_newid(md5(uniqid($this- >magic)), $this->name); } } File ct_sql.inc function ac_newid: function ac_newid($str, $name) { $query = "SELECT DISTINCTROW sid FROM ".$this- >database_table." WHERE sid = '$str' AND name = '$name'"; $this->db->query($uquery); if ($this->db->affected_rows() == 0) { return $str; } else { return false; } } ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=493429&group_id=31885 |
