Learning PHP and MySQL
Example 14-8 Checking for session hijacking
<?php session_start();
$user_check = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR']);
if (empty($_SESSION['user_data'])) {
session_regenerate_id();
echo ("New session, saving user_check.");
$_SESSION['user_data'] = $user_check;
}
if (strcmp($_SESSION['user_data'], $user_check) !== 0) {
session_regenerate_id();
echo ("Warning, you must reenter your session.");
$_SESSION = array();
$_SESSION['user_data'] = $user_check;
}
else {
echo ("Connection verified!");
}
?>
Posted by on 09/25 at 02:45 PM
Next entry: Example 14-9 session.save_path functionality
Previous entry: Example 14-6 Session using the proper $_SESSION super global