CodeIgniter Forums

Full Version: is this a bug?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]alpar[/eluser]
I use sessions stored in a database, and enabled user agent matching.
Actually i had modified the original library to store all the data in the database, but i also checked the original library, and it seems that is the same.

when sawing the session id only 50 characters are saved like so
Code:
substr($this->CI->input->user_agent(), 0, 50)


Now imagine that the user agent is computed in such a way that the last character is a space. When you insert it in the database, MySQL will strip that off, inserting a string of length:49 characters. When re matching a string of 50 characters (with the last space) will not match a 49 character string(without it). So the session system gets useless for the user that is unfortunate enough to have such a user agent. I got one with suse linux 10.2 + firefox...

a solution: store and compare the md5 hash of the first 50 characters of the user agent.

El Forum

[eluser]Derek Allard[/eluser]
Thanks Alpar. Fixed up.