Home  >  Article  >  Backend Development  >  Analysis of php session security issues

Analysis of php session security issues

高洛峰
高洛峰Original
2016-11-30 09:42:281072browse

Therefore, our main solution is to verify the validity of the session ID.
The following is the quoted content:
The code is as follows:
if(!isset($_SESSION['user_agent'])){
$ _SESSION['user_agent'] =$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'];
}
/* If the user session ID is fake*/
elseif ($_SESSION['user_agent'] != $_SERVER ['REMOTE_ADDR'] .$_SERVER['HTTP_USER_AGENT']) {
session_regenerate_id();
}
?>

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn