• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
is this a bug?

I use sessions stored in a database, and enabled user agent matching.
Actually i had modified the original library to store all the data in the database, but i also checked the original library, and it seems that is the same.

when sawing the session id only 50 characters are saved like so
substr($this->CI->input->user_agent(), 0, 50)

Now imagine that the user agent is computed in such a way that the last character is a space. When you insert it in the database, MySQL will strip that off, inserting a string of length:49 characters. When re matching a string of 50 characters (with the last space) will not match a 49 character string(without it). So the session system gets useless for the user that is unfortunate enough to have such a user agent. I got one with suse linux 10.2 + firefox...

a solution: store and compare the md5 hash of the first 50 characters of the user agent.

Messages In This Thread
is this a bug? - by El Forum - 08-29-2007, 03:24 PM
is this a bug? - by El Forum - 10-01-2007, 05:54 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.