PHP - using a session to temporarily control

Question

PHP - using a session to temporarily control

I'm a little confused about using sessions for what I plan on. An unregistered user visits my site and uploads a file. This user has control over the ownership of the file throughout the session (set using session_id ()). However, in order to find out that the user has control, a session identifier is inserted into the database for verification with this user identifier. Is this a good practice? How unique are session identifiers?

+4

php

Lukas Jul 23 '12 at 23:00

source share

2 answers

I would create another unique identifier, save it in the session and in db. Some structures and libraries restore session identifiers for security purposes for each request, so it’s not good to assume that they will never change throughout the user's session. The only thing you are sure about session identifiers is that it will definitely be unique.

0

Ray Jul 23 '12 at 23:06

source share

Aatch · Accepted Answer · 2012-07-23T23:07:59+0000

Session identifiers are guaranteed to be unique in the space of the identifiers currently in use. In principle, all current sessions have a unique identifier.

This means that you cannot rely on a session identifier for multiple sessions (it seems obvious when you say so). I suggest doing something like hashing the current time, and using this file has a unique file identifier.

PHP - using a session to temporarily control

More articles: