PHP security-session data exposure (2)
Session data exposure
When you focus on preventing source code exposure, your session data is only equally at risk. By default, SESSION is saved in the /tmp directory. This is convenient in many situations, one of which is that all users have write permissions to /tmp, so Apache also has permission to write. Although other users cannot read these session files directly from the shell environment, they can write a simple script to read them:
<?php
header('Content-Type: text/plain');
session_start();
$path = ini_get('session.save_path');
$handle = dir($path);
while ($filename = $handle->read())
{
if (substr($filename, 0, 5) == 'sess_')
{
$data =
file_get_contents("$path/$filename");
if (!empty($data))
{
session_decode($data);
$session = $_SESSION;
$_SESSION = array();
echo "Session [" . substr($filename, 5) .
"]\n";
print_r($session);
echo "\n--\n\n";
}
}
}
?>
This script searches for files prefixed with sess_ in the session file saving directory defined by session.save_path. Once the file is found, its contents are parsed and its contents are displayed using the print_r() function. This way other developers can easily obtain your user's session data.
The best way to solve this problem is to store your session data in a database protected with a username and password. Since access to the database is controlled, this adds an extra layer of protection. By applying the techniques mentioned in the previous section, your database can provide a safe place for your sensitive data, but you should remain vigilant that the security of your database is becoming increasingly important.
In order to save session data in the database, you first need to create a data table:
CREATE TABLE sessions
(
id varchar(32) NOT NULL,
access int(10) unsigned,
data text,
PRIMARY KEY (id)
);
If you are using MySQL, the table structure is described as follows:
mysql> DESCRIBE sessions; +--------+------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +--------+------------------+------+-----+---------+-------+ | id | varchar(32) | | PRI | | | | access | int(10) unsigned | YES | | NULL | | | data | text | YES | | NULL | | +--------+------------------+------+-----+---------+-------+
If you want session data to be saved in this table, you need to use session_set_save_handler( ) function to edit PHP's built-in session mechanism:
<?php
session_set_save_handler('_open',
'_close',
'_read',
'_write',
'_destroy',
'_clean');
?>
Each of these six arguments is the name of a function that you must write. These functions handle the following tasks:
Each of the above six parameters represents the name of the function that you must write. They handle the following tasks. :
##l Turn on session storage
##l Turn off session storagel Read session data
l Write session data
l Destroy session data
l Clear old session data
I intentionally use meaningful names so that you can see their purpose at a glance. Naming is arbitrary, but you may want to start with an underscore (as shown here) or another naming convention to prevent name conflicts. Here are examples of these functions (using MySQL):
You must call session_set_save_handler() before session_start()
) functions, but you can define the functions themselves anywhere.
The beauty of this process is that you don't have to edit the code or change the way you use sessions. $_SESSION still exists, the behavior remains the same, PHP still generates and delivers session identifiers, and configuration changes related to the session will also take effect. All you need to do is call this one function (and create all the functions specified by it) and PHP will take care of the rest. The above is the content of PHP Security - Session Data Exposure (2). For more related content, please pay attention to the PHP Chinese website (www.php.cn)!
<?php
function _open()
{
global $_sess_db;
$db_user = $_SERVER['DB_USER'];
$db_pass = $_SERVER['DB_PASS'];
$db_host = 'localhost';
if ($_sess_db = mysql_connect($db_host,
$db_user, $db_pass))
{
return mysql_select_db('sessions',
$_sess_db);
}
return FALSE;
}
function _close()
{
global $_sess_db;
return mysql_close($_sess_db);
}
function _read($id)
{
global $_sess_db;
$id = mysql_real_escape_string($id);
$sql = "SELECT data
FROM sessions
WHERE id = '$id'";
if ($result = mysql_query($sql, $_sess_db))
{
if (mysql_num_rows($result))
{
$record = mysql_fetch_assoc($result);
return $record['data'];
}
}
return '';
}
function _write($id, $data)
{
global $_sess_db;
$access = time();
$id = mysql_real_escape_string($id);
$access = mysql_real_escape_string($access);
$data = mysql_real_escape_string($data);
$sql = "REPLACE
INTO sessions
VALUES ('$id', '$access',
'$data')";
return mysql_query($sql, $_sess_db);
}
function _destroy($id)
{
global $_sess_db;
$id = mysql_real_escape_string($id);
$sql = "DELETE
FROM sessions
WHERE id = '$id'";
return mysql_query($sql, $_sess_db);
}
function _clean($max)
{
global $_sess_db;
$old = time() - $max;
$old = mysql_real_escape_string($old);
$sql = "DELETE
FROM sessions
WHERE access < '$old'";
return mysql_query($sql, $_sess_db);
}
?>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
7 PHP Functions I Regret I Didn't Know Before
Nov 13, 2024 am 09:42 AM
If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases?
Apr 03, 2025 am 12:03 AM
What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.
