An attacker invests a lot of effort in trying to obtain the valid session ID of an existing user. With the session ID, they may be able to have the same capabilities as this user in the system.
Therefore, Our main solution is to verify the validity of session ID.
The following is the content of quoting:
The code is as follows:
<?php if(!isset($_SESSION['user_agent'])){ $_SESSION['user_agent'] =$_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT']; } /* 如果用户session ID是伪造 */ elseif ($_SESSION['user_agent'] != $_SERVER['REMOTE_ADDR'] .$_SERVER['HTTP_USER_AGENT']) { session_regenerate_id(); } ?>
The above is the detailed content of Do you know the security issues of php session?. For more information, please follow other related articles on the PHP Chinese website!