SessionStart()

php_newbie22

Hi All,

I am just starting to learn PHP. I had a question about SessionStart(). I am sure it is very easy but maybe I am thinking too much.

We do not want session id's to be re-cycled.

How do I check if the session does not contain the user's browser string and IP address, If it does not, store them in the session. And if the IP and browser string exist and don't match, we call another Logout() function.

Thanks for your help!
-NB

anakadote

session_start() creates a 32-hexadecimal string (usually) and stores it as a text file on the server, and as a cookie on the user's computer, assuming that one doesn't already exist. This allows the session to persist across different page loads by checking that the same value exists on both the server and the user's computer. Sessions will expire, by default, based on settings in the PHP config file (php.ini).

If you need to compare certain session values you would do so like this:

// Starting the session
session_start();
$_SESSION['ip'] = "[IP address here]";
$_SESSION['browser'] = "[user's browser here]"; // Can be retrieved using $_SERVER['USER_AGENT'], for one

// Check the session
session_start();

if(!isset($_SESSION['ip']) || !isset($_SESSION['browser'])){
// call logout function, then redirect to a page that doesn't require authentication
}

bradgrafelman

Note that due to load-balancing and/or proxy servers (e.g. AOL users in the past - don't know if this still holds true) that users might have different IP's from one request to another.