Home/ Questions/Q 1018009
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T10:47:33+00:00

I have two sessions in PHP: $_SESSION[session][key] = md5 ($token . $userAgent . $ip);

  • 0

I have two sessions in PHP:

$_SESSION["session"]["key"] = md5 ($token . $userAgent . $ip);
$_SESSION["session"]["timeout"] = time ();

Just want to check that sessions with nginx, tried this code without success:

location / {
    if ($request_filename ~* "index.php") {
        break;
    }

    if ($http_cookie ~* "session") {
        break;
    }

    rewrite ^.+$ https://localhost/index.php last;
}

Any clues ?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    a cookie just holds the Session ID, an id is always created upon session_start(); so if your calling that within your script the user will always have a session id.

    your best bet is too add a second cookie:

    setcookie('session_key',md5 ($token . $userAgent . $ip));

    then within nginx:

    if ($http_cookie ~* "session_key")
{
    break;
}

    to check if that cookie is set.

    If the hash is sensitive then do this:

    setcookie('session_key_active','1');

    Then in Nginx:

    if ($http_cookie ~* "session_key_active")
{
    break;
}

    But this is still vulnerable , always check server side values match!

    • 0