stackoom
  简体   繁体   中英

Check the existence of a session (Nginx)

 原文  2010-08-22 15:57:13       php/ session/ nginx

Question

I have two sessions in PHP: 

$_SESSION["session"]["key"] = md5 ($token . $userAgent . $ip);
$_SESSION["session"]["timeout"] = time ();

Just want to check that sessions with nginx, tried this code without success: 

location / {
    if ($request_filename ~* "index.php") {
        break;
    }

    if ($http_cookie ~* "session") {
        break;
    }

    rewrite ^.+$ https://localhost/index.php last;
}

Any clues ?

Thanks.

1 answers

solution1
 6 ACCPTED  2010-08-22 16:00:57

a cookie just holds the Session ID, an id is always created upon session_start(); so if your calling that within your script the user will always have a session id.

your best bet is too add a second cookie: 

setcookie('session_key',md5 ($token . $userAgent . $ip));

then within nginx: 

if ($http_cookie ~* "session_key")
{
    break;
}

to check if that cookie is set.

If the hash is sensitive then do this: 

setcookie('session_key_active','1');

Then in Nginx: 

if ($http_cookie ~* "session_key_active")
{
    break;
}

But this is still vulnerable , always check server side values match!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Check array for existence Check for existence of sessions php associative existence check check for variable existence with isset? check existence of an object in array Check existence of a record in MySQL(with PHP)? check file existence from root check existence of twig template in Timber Easiest way to check for existence of a value Check folder existence Ajax - php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM