I have the session id of my application. now i want to get all the session variables by using this session id.
I used <?php echo session_id()?>
to get the session id but how to get all the session object values by using this session id?
Advertisement
Answer
According to php.net: There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site’s referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users.
This begs the question, how do you have the session ID but unable to access the script?
Regardless, you would need to set the session ID and then start it…then access the data.
session_id($whatever_id_you_have); session_start(); echo $_SESSION['somekey'];