> I'm working on securing my application, and am running into a slight issue
> that I cannot seem to find a fix for. If the attacker changes his PHPSESSID
> cookie to contain illegal characters, it causes an error on the screen upon
> session_start().
>
> How can I check to see if this is a valid number, and if it is not, exit the
> application?
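// ereg() was removed in PHP 7.0; preg_match() performs the same test.
$sid = $_REQUEST['PHPSESSID'] ?? '';
if(!is_string($sid) || preg_match('/[^0-9a-f]/',$sid))
{ die("Error in session id"); }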
---John W. Holmes...
--
PHP General Mailing List (http://www.php.net/)
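A stricter form of the check in the reply above, as an added example that is not part of the original thread: it anchors the pattern to the whole value, bounds the length, handles non-string input, and looks at every request source before calling session_start(). The function names are hypothetical, and the fallback to a hex alphabet when session.sid_bits_per_character is unavailable is an assumption.

```php
<?php
// Added example: names below are hypothetical, not from the original thread.

// Return true only if $id looks like an ID PHP itself could have generated.
function session_id_is_well_formed($id): bool
{
    // PHPSESSID[]=x arrives as an array; preg_match() needs a string.
    if (!is_string($id)) {
        return false;
    }
    // The alphabet depends on session.sid_bits_per_character (4, 5 or 6).
    // Assumption: fall back to hex when the setting is unavailable.
    $classes = [4 => '0-9a-f', 5 => '0-9a-v', 6 => '0-9a-zA-Z,-'];
    $bits = (int) ini_get('session.sid_bits_per_character');
    $class = $classes[$bits] ?? '0-9a-f';
    // \A and \z anchor the whole value; 22-256 is the range session.sid_length accepts.
    return preg_match('/\A[' . $class . ']{22,256}\z/', $id) === 1;
}

// Check every place the ID can arrive from, then start the session.
function start_validated_session(): void
{
    $name = session_name(); // "PHPSESSID" unless reconfigured
    foreach ([$_COOKIE, $_GET, $_POST] as $source) {
        if (array_key_exists($name, $source)
            && !session_id_is_well_formed($source[$name])) {
            http_response_code(400);
            exit('Error in session id');
        }
    }
    // Strict mode makes PHP replace well-formed IDs it never issued.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

start_validated_session();
```

The format check only stops malformed values from reaching session_start(); session.use_strict_mode is what keeps a well-formed but attacker-chosen ID from being adopted.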