Re: [Phplib-users] Session id Prefix
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Session id Prefix
|
From: Clark F. <cl...@th...> - 2004-09-22 15:20:23
|
Hi Alex, My guess is that modifying the session_id() methods in session4.inc isn't helping because the session id is determined by PHP's built-in session handling. I would take a look at http://us4.php.net/manual/en/ref.session.php which lists all the session settings and functions--maybe you could set the session.name to be different for the different machines, or use a different entropy source or a different hash algorithm. There's also the uniqid function which you might be able to use in some way. Hope that helps. Clark On Tue, 21 Sep 2004, Alexander Meis wrote: > Hi.... > > i have 2 webservers running with an cookie based load balancer in front. > the session of each server is saved in their file systems. if one of the > server goes down > i have the problem hat some sessions are overlapping and in this way the > securitiy is poor. > a way to fix this is the session on nfs or in the db but it generates up to > 30 mbits of network load. > my idea at this point is to set a prefix to every session id. the prefix > should be special to > every server. example server1adbassdfas vs. server2abfadfasdn as session > ids. > > i tryed to modify the session_id() commands in session4.inc but the session > id is allways generated by php > with no prefix even if i comment the lines out. > > can someone tell me how to set a session id wich prefix for every server? > the setting can allso be done in the php.ini > it does not have to be in the phplib. > > Thanks for helping. > > Greetings > > Alex |
