[PHP] Using session_regenerate_id With Logins - Tilted Forum Project Discussion Community

soma · 05-25-2006, 10:29 AM

On my login.php script, I'm trying to use the function session_regenerate_id to prevent session fixation attacks. Now, I'm a bit confused by all of this. On my login.php script, if the login validates, the following code runs:

Code:

session_start();
$_SESSION['username'] = $db_username;

I tried using the session_regenerate_id function, but when I add it to the above code, the session variable never sets itself. Strange...

Code:

session_start();
session_regenerate_id();
$_SESSION['username'] = $db_username;

I'm really lost.

05-25-2006, 10:29 AM	#1 (permalink)
soma Addict Location: USA	[PHP] Using session_regenerate_id With Logins On my login.php script, I'm trying to use the function session_regenerate_id to prevent session fixation attacks. Now, I'm a bit confused by all of this. On my login.php script, if the login validates, the following code runs: Code: session_start(); $_SESSION['username'] = $db_username; I tried using the session_regenerate_id function, but when I add it to the above code, the session variable never sets itself. Strange... Code: session_start(); session_regenerate_id(); $_SESSION['username'] = $db_username; I'm really lost. __________________ Having Girl Problems?