Binding of IP address with Session id

前端 未结 4 2150
情话喂你
情话喂你 2021-02-10 02:36

To prevent the session fixation problem, how can we bind the IP address with the session id? Is it possible to bind the session id with that of the IP address??

4条回答
  •  一生所求
    2021-02-10 03:19

    http://en.wikipedia.org/wiki/Session_fixation

    if($_SERVER['REMOTE_ADDR'] != $_SESSION['PREV_REMOTEADDR']) {
       session_destroy(); // destroy all data in session
    }
    session_regenerate_id(); // generate a new session identifier
    $_SESSION['PREV_REMOTEADDR'] = $_SERVER['REMOTE_ADDR'];
    

提交回复
热议问题