Since every user has a unique PHPSESSID, is it possible for one of two users, say A, to inject info into B's SESSION data using standard PHP running on the server?
Note, I am not using this for any wrong purposes. Trying to use it for chatting without DB access.
Thank you for your time.
I'm assuming you want to somehow have A chat to B by sending a message which gets placed into B's session.
First of all, A needs to learn B's session ID, perhaps by selecting their name from a list. You'll almost certainly want to encrypt these session ids, otherwise you have created a nice security hole!
So, A posts data to the server containing the target session id, and a message. Here's how we could temporarily switch session ids to write that data into the target session:
<?php
//the caller's own session must already be active
session_start();

//get data from form - I'll leave the encryption of the target
//session id up to you! decryptSessionId() is yours to implement
$target_session_id=decryptSessionId($_POST['target']);
$message=strip_tags($_POST['message']);

//remember our "real" session id and close the session
$original_session_id=session_id();
session_write_close();

//open the target session
session_id($target_session_id);
session_start();

//add message to target session
$_SESSION['chat'][]=$message;

//close target session
session_write_close();

//reopen the "real" session
session_id($original_session_id);
session_start();
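A hardened variant of the swap above, added here as an example and not part of the answer: B's session id is recorded in a server-side registry at login, so A addresses B by name and never receives a session id it could alter, and the caller's own session is restored even if the target write fails. The registry path, the id pattern and the function names are my assumptions.

```php
<?php
// Added example. Assumed registry location; in practice keep it outside the
// web root and readable only by the PHP process.
const CHAT_REGISTRY = '/tmp/chat_session_registry.json';

// Called in B's own request after login: map B's user name to B's session id.
// The caller's session must already be active.
function registerChatSession(string $user): void {
    $reg = file_exists(CHAT_REGISTRY)
        ? (json_decode(file_get_contents(CHAT_REGISTRY), true) ?: [])
        : [];
    $reg[$user] = session_id();
    file_put_contents(CHAT_REGISTRY, json_encode($reg), LOCK_EX);
}

// Resolve a user name to a session id. Unknown users, or registry values that
// do not look like PHP session ids, resolve to null so no caller-chosen id is
// ever passed to session_id().
function lookupChatSession(string $user): ?string {
    if (!file_exists(CHAT_REGISTRY)) return null;
    $reg = json_decode(file_get_contents(CHAT_REGISTRY), true) ?: [];
    $sid = $reg[$user] ?? null;
    return (is_string($sid) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sid)) ? $sid : null;
}

// Deliver $message into $targetUser's session and come back to our own.
// Returns false when the target is unknown; the caller's session is untouched.
function postToUserSession(string $targetUser, string $message): bool {
    $targetSid = lookupChatSession($targetUser);
    if ($targetSid === null) return false;

    $original = session_id();          // caller's session must already be active
    session_write_close();
    try {
        session_id($targetSid);
        session_start();
        $_SESSION['chat'][] = ['text' => strip_tags($message), 'ts' => time()];
    } finally {
        // Always restore the caller's session, whatever happened above.
        if (session_status() === PHP_SESSION_ACTIVE) session_write_close();
        session_id($original);
        session_start();
    }
    return true;
}
```

With session.use_strict_mode enabled, session_start() discards an id it has never issued and generates a fresh one, so a stale registry entry results in a write to an orphan session rather than a session created under an attacker-chosen id.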
Read up on session fixation