开发者

What happens if you set an expired session with session_id()?

开发者 https://www.devze.com 2023-04-03 10:28 出处:网络
For my website, i\'m using a flash app to allow some stuff that php and just can\'t do. Therefore i need to have a good medium to check the sessions. My current idea is to add the session into as a ge

For my website, i'm using a flash app to allow some stuff that php and just can't do. Therefore i need to have a good medium to check the sessions. My current idea is to add the session into as a get variable on the swf, and check the contents of the session with session_id() in php after i post the image that i'm processing.

However, i'm afraid it might be 开发者_如何转开发a security risk. So my question is, does session_id(sessionhere) ignore expired sessions. Or does it renew the session, and still use the data that's inside regardless if it is let's say, 6 months old?


session_id() just sets the value of the session cookie variable. It doesn't check if there's a session of that name or not - that's session_start()'s job. Setting the id, however, does force PHP to send a "set cookie" header with the new id, even if you did session_id(session_name()) which works out to a null-op overall.

If you did session_id('constantstring'), then everyone who used your site would share the same session.

0

精彩评论

暂无评论...
验证码 换一张
取 消