Reputation: 625
Get PHP ssl session id
I want to get the ssl session id so I know that it is the same user. When I try $_SERVER['ssl_session_id'] it returns nothing and doing print_r($_SERVER) $_SERVER['ssl_session_id'] doesn't show up.
The reason I need to have the ssl session id is I'm creating a login system and would like to make sure the session can't be used through a fixation attack. I am going to add it to the auth session cookie and then can check it later.
EDIT: From the answers and comments I have gotten: It changes every request and isn't something that is stored in a $_SERVER or $_SESSION super global array; therefore is useless for using on the web and shouldn't be used.
Upvotes: 1
Views: 3200
Answers (2)
Reputation: 625
What I have learned from comments and research is that you can't get the ssl_session_id through PHP and even if you could it changes therefore isn't useful. Thank you to the people who answered and commented.
Upvotes: 1
Reputation: 360612
Did you do
session_start();
before trying to access the session? If yes, then your sessions are broken somehow (cookie not set correct, so a new session is started continually), or you didn't save that value into the session to begin with.
$_SERVER has nothing to do with the session. it's a superglobal that contains information about the server and PHP's configuration. $_SERVER is its own dedicated superglobal, and is purely for server data.
Upvotes: 0
Related Questions
- how to get session variables using session id
- Get Session ID from login via PHP CURL
- PHP - Session identifier - Security
- phpsessid in cookie over https
- Getting value from session PHP
- Retrieve SSL session id in asp.net
- php access session data between HTTPS and HTTP
- Different session IDs between http and https php
- PHP SESSION variables between https and http
- Accessing session data with a session ID