Hi Alex,
My guess is that modifying the session_id() methods in session4.inc isn't
helping because the session id is determined by PHP's built-in session
handling. I would take a look at
http://us4.php.net/manual/en/ref.session.php
which lists all the session settings and functions--maybe you could set
the session.name to be different for the different machines, or use a
different entropy source or a different hash algorithm. There's also the
uniqid function which you might be able to use in some way.
Hope that helps.
Clark
On Tue, 21 Sep 2004, Alexander Meis wrote:
> Hi....
>
> i have 2 webservers running with an cookie based load balancer in front.
> the session of each server is saved in their file systems. if one of the
> server goes down
> i have the problem hat some sessions are overlapping and in this way the
> securitiy is poor.
> a way to fix this is the session on nfs or in the db but it generates up to
> 30 mbits of network load.
> my idea at this point is to set a prefix to every session id. the prefix
> should be special to
> every server. example server1adbassdfas vs. server2abfadfasdn as session
> ids.
>
> i tryed to modify the session_id() commands in session4.inc but the session
> id is allways generated by php
> with no prefix even if i comment the lines out.
>
> can someone tell me how to set a session id wich prefix for every server?
> the setting can allso be done in the php.ini
> it does not have to be in the phplib.
>
> Thanks for helping.
>
> Greetings
>
> Alex
|
