Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,368
    Thanks
    262
    Thanked 32 Times in 31 Posts

    regenerate sess id

    Just curious if i have this process correct to avoid session id fixation

    in my login file once the auth is done and everything is fine.

    then i set the session values and also set this

    PHP Code:
    $_SESSION['oldid'] = 1
    then it redirects and opens up the home page

    and at the very top of that home page i have this so that it only executes this one time per login.

    PHP Code:

    //only do this one time per login
    if(isset($_SESSION['oldid']))
    {
    echo 
    "hellow old is set";
    session_regenerate_id(true);
    $_SESSION['oldid'] = '';


    session_start(); 
    Does that look about right?
    Last edited by durangod; 02-16-2013 at 09:32 AM. Reason: moved session start

  • #2
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,368
    Thanks
    262
    Thanked 32 Times in 31 Posts
    Just an update, i did give up on this idea. No matter what i did or where i tried to do this i got some kind of warning or notice. I thought using this would be a good idea but i guess maybe one day i will learn where to use it..


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •