> I'm working on securing my application, and am running into a slight issue
> that I cannot seem to find a fix for. If the attacker changes his PHPSESSID
> cookie to contain illegal characters, it causes an error on the screen upon
> session_start().
>
> How can I check to see if this is a valid number, and if it is not, exit the
> application?

// Stop if the session id contains any character other than 0-9 or a-f
if (preg_match('/[^0-9a-f]/', $_REQUEST['PHPSESSID'])) {
    die("Error in session id");
}

---John W. Holmes...
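
An added example, not part of the original thread or the poster's code: the same hex whitelist applied before session_start(), extended to handle a session id that is absent or that arrives as an array (PHPSESSID[]=x) rather than a string. The function names and the 128-character length limit are assumptions; the hex alphabet is the one used in the reply and must be widened if your session ids use other characters.

```php
<?php
// Added example. MAX_SID_LENGTH and both function names are hypothetical.
const MAX_SID_LENGTH = 128; // assumed upper bound, adjust to your configuration

function is_valid_session_id($id): bool
{
    // A request such as PHPSESSID[]=x makes PHP deliver an array, and
    // passing that to a regex function raises its own error.
    if (!is_string($id)) {
        return false;
    }
    if ($id === '' || strlen($id) > MAX_SID_LENGTH) {
        return false;
    }
    // Anchored whitelist: every character must be 0-9 or a-f.
    // \A and \z anchor to the true start and end, so a trailing
    // newline is rejected as well.
    return preg_match('/\A[0-9a-f]+\z/', $id) === 1;
}

function start_checked_session(): void
{
    $name = session_name(); // "PHPSESSID" unless reconfigured

    // Check each place the id may be supplied from. A missing id is fine:
    // session_start() then generates a fresh one.
    foreach ([$_COOKIE, $_GET, $_POST] as $source) {
        if (array_key_exists($name, $source)
            && !is_valid_session_id($source[$name])) {
            http_response_code(400);
            exit('Error in session id');
        }
    }

    session_start();
}

start_checked_session();
```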