The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
Is there a way to obtain the URL as it appears in the browser...? That way it would be possible to check if the user had entered a PHPSESSID as a variable in the URL, and let me display an error message if they had.
ie. if they'd entered:
www.mypage.com/logon.php?PHPSESSID=1234
then I'd check to see if PHPSESSID existed in the URL string and give an error message if it was present...
Had a quick browse on the web but canna find anything yet... I'm sure it must be possible though?
[EDIT] - Don't worry, just added a session_regenerate_id() straight after the session_start() to ensure that even if someone specifies a PHPSESSID in the URL, it's changed when they view the page.
If you're not accepting session id via the URL anymore, you may well find PHPSESSID in $_GET/$_POST/$_REQUEST too.
Also you should really change PHPSESSID with session_name to something a little less obvious.