Re: Format of session id and $_SERVER['REMOTE_ADDR']

Posted by J.O. Aho on 02/06/07 08:52

Markus wrote:
> Jerry Stuckle schrieb:
>>> - Is a PHP session id always 32 characters long (if it is generated
>>> normally with session_start() of course), or can its format vary due
>>> to PHP versions or configurations (I work in shared hosting
>>> environments)?
>>
>> Currently it's 32 characters long. That's not to say it can't change
>> in future releases.
> So as I use it only for temporary data, such as shopping cart orders or
> administrator activities, I assume it is a good idea to work with
> substr(session_id(), 0, 32);

If you try to insert a longer string into the database than the column allows,
it will automatically be truncated to the max length for the column, so you
don't have to use substr any more when you compare the two values. Or you just
assume it's 32 characters long until the day you notice it doesn't work anymore,
when you ALTER the table to give more space for session ids.


>>> - Can I safely expect $_SERVER['REMOTE_ADDR'] to deliver an IP
>>> address of the format xxx.xxx.xxx.xxx, or can this also be an IPV6
>>> address or other?
>
> To be honest, I never understood what is the point in collecting this
> value at all, it just had been there in the first sample script I got
> from my first PHP teacher years ago...

The vast majority of users will have one and the same IP-number each time they
request a page during the same session, so you can use that IP-number to check
if the request comes from the same machine or not. If you get another IP, you
can assume that someone has managed to sniff the session id and is trying to take
over that session; then you could terminate the session and request the
user to log in once more.

If you feel it's overkill, then remove the whole thing; no point in keeping an
IP-number in a database if you're not going to use it.

--

//Aho
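
The check described in the post above, as an added example that is not part of the original thread: it binds a session to the first client address seen and ends the session on a mismatch, accepting both IPv4 and IPv6 values of $_SERVER['REMOTE_ADDR']. The session key `bound_ip`, the function names and the `/login.php` target are assumptions made for this illustration.

```php
<?php
// Added example, not code from the thread. 'bound_ip', the function names
// and '/login.php' are hypothetical names chosen for this illustration.

/** Return the packed form (4 or 16 bytes) of a valid IPv4/IPv6 address, or null. */
function normalize_ip(string $addr): ?string
{
    if (filter_var($addr, FILTER_VALIDATE_IP) === false) {
        return null;                       // not an IP address at all
    }
    $packed = inet_pton($addr);            // same bytes for equivalent spellings
    return $packed === false ? null : $packed;
}

/**
 * Bind the session to the first address seen. Returns true when the request
 * may continue with this session, false when the address is invalid or
 * differs from the one the session was bound to.
 */
function check_session_ip(array &$session, string $remoteAddr): bool
{
    $current = normalize_ip($remoteAddr);
    if ($current === null) {
        return false;
    }
    $hex = bin2hex($current);              // 8 or 32 hex chars, safe to store as text
    if (!isset($session['bound_ip'])) {
        $session['bound_ip'] = $hex;       // first request of the session
        return true;
    }
    return $session['bound_ip'] === $hex;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!check_session_ip($_SESSION, $_SERVER['REMOTE_ADDR'] ?? '')) {
        $_SESSION = [];                    // drop the data, then the session itself
        session_destroy();
        header('Location: /login.php');    // ask the user to log in again
        exit;
    }
} else {
    // Constructed sample addresses from the documentation ranges.
    $s = [];
    var_dump(check_session_ip($s, '192.0.2.10'));            // binds the session
    var_dump(check_session_ip($s, '192.0.2.10'));            // same client
    var_dump(check_session_ip($s, '2001:db8::1'));           // different client
    var_dump(normalize_ip('2001:DB8:0:0:0:0:0:1') === normalize_ip('2001:db8::1'));
}
```

Comparing the packed bytes rather than the raw string means two spellings of the same IPv6 address do not trigger a logout, and a column holding the hex form needs at most 32 characters.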

 
