is this a bug?

#1
[eluser]alpar[/eluser]
I use sessions stored in a database, and enabled user agent matching.
Actually I had modified the original library to store all the data in the database, but I also checked the original library, and it seems that it is the same.

When saving the session id, only 50 characters are saved, like so:
Code:
substr($this->CI->input->user_agent(), 0, 50)


Now imagine that the user agent is computed in such a way that the last character is a space. When you insert it in the database, MySQL will strip that off, inserting a string of length 49. When rematching, a string of 50 characters (with the last space) will not match a 49-character string (without it). So the session system becomes useless for the user that is unfortunate enough to have such a user agent. I got one with SUSE Linux 10.2 + Firefox...

A solution: store and compare the md5 hash of the first 50 characters of the user agent.

#2
[eluser]Derek Allard[/eluser]
Thanks Alpar. Fixed up.
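
The mismatch described in post #1 and the suggested md5 fix, as an added example that is not part of the thread or of CodeIgniter's session library. The helper names, the `rtrim()` stand-in for the database stripping the trailing space, and the user agent string are assumptions constructed for illustration.

```php
<?php
// Added example, not CodeIgniter's code. rtrim() is an assumed stand-in for the
// trailing-space stripping that the post attributes to MySQL.

const UA_LENGTH = 50;

// Simulates writing a value to the session table and reading it back.
function db_round_trip(string $value): string
{
    return rtrim($value, ' ');
}

// Original approach: store the raw 50-character prefix of the user agent.
function ua_fingerprint_raw(string $userAgent): string
{
    return substr($userAgent, 0, UA_LENGTH);
}

// Approach suggested in the post: store the md5 of that prefix.
// The digest is always 32 hex characters, so it has no trailing whitespace to lose.
// md5 serves here as a fixed-length normalizer, not as a security control.
function ua_fingerprint_md5(string $userAgent): string
{
    return md5(substr($userAgent, 0, UA_LENGTH));
}

// Compares the value saved at session creation with the one computed on a later request.
function session_matches(callable $fingerprint, string $userAgent): bool
{
    $stored  = db_round_trip($fingerprint($userAgent));
    $current = $fingerprint($userAgent);
    return hash_equals($stored, $current);
}

// Constructed user agent whose 50th character is a space.
$ua = str_pad('Mozilla/5.0 (X11; U; Linux i686; en-US)', UA_LENGTH - 1, 'x') . ' Firefox/2.0';

foreach (['ua_fingerprint_raw', 'ua_fingerprint_md5'] as $fn) {
    printf("%-20s match=%s\n", $fn, session_matches($fn, $ua) ? 'yes' : 'no');
}
```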

