Home > Article > Backend Development > Analysis of php session security issues
Therefore, our main solution is to verify the validity of the session ID.
The following is the quoted content:
The code is as follows:
if(!isset($_SESSION['user_agent'])){
$ _SESSION['user_agent'] =$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'];
}
/* If the user session ID is fake*/
elseif ($_SESSION['user_agent'] != $_SERVER ['REMOTE_ADDR'] .$_SERVER['HTTP_USER_AGENT']) {
session_regenerate_id();
}
?>