is this a bug?
#1

[eluser]alpar[/eluser]
I use sessions stored in a database, and enabled user agent matching.
Actually I had modified the original library to store all the data in the database, but I also checked the original library, and it seems that it is the same.

When saving the session id, only 50 characters are saved, like so:
Code:
substr($this->CI->input->user_agent(), 0, 50)


Now imagine that the user agent is computed in such a way that the last character is a space. When you insert it in the database, MySQL will strip that off, inserting a string of length 49 characters. When re-matching, a string of 50 characters (with the last space) will not match a 49-character string (without it). So the session system gets useless for the user that is unfortunate enough to have such a user agent. I got one with SUSE Linux 10.2 + Firefox...

A solution: store and compare the md5 hash of the first 50 characters of the user agent.
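
The mismatch described above and the proposed md5 comparison, as an added example that is not part of the original post and not CodeIgniter's own code. The function names, the `rtrim()` stand-in for the database column, and the user agent string are assumptions constructed for illustration.

```php
<?php
const UA_MATCH_LENGTH = 50; // same truncation length as in the post

// Hypothetical stand-in for the database column described in the post:
// trailing spaces are dropped when the value is written.
function store_in_column(string $value): string
{
    return rtrim($value, ' ');
}

// Original scheme: store and compare the truncated user agent itself.
function ua_raw(string $userAgent): string
{
    return substr($userAgent, 0, UA_MATCH_LENGTH);
}

// Proposed scheme: store and compare the md5 of the truncated user agent.
// The digest is always 32 hex characters, so there is nothing to strip.
function ua_fingerprint(string $userAgent): string
{
    return md5(substr($userAgent, 0, UA_MATCH_LENGTH));
}

// True when the value computed on a later request equals what was stored.
function session_ua_matches(callable $scheme, string $userAgent): bool
{
    $stored = store_in_column($scheme($userAgent)); // first request: write
    return $stored === $scheme($userAgent);         // later request: compare
}

// Constructed user agent whose 50th character is a space.
$ua = 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061023 Firefox/2.0';

printf("50th character is a space: %s\n",
    var_export(substr($ua, UA_MATCH_LENGTH - 1, 1) === ' ', true));
printf("raw comparison matches:    %s\n",
    var_export(session_ua_matches('ua_raw', $ua), true));
printf("md5 comparison matches:    %s\n",
    var_export(session_ua_matches('ua_fingerprint', $ua), true));
```

The md5 here only serves as a fixed-length fingerprint of the user agent for comparison; it is not protecting a secret.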
#2

[eluser]Derek Allard[/eluser]
Thanks Alpar. Fixed up.



