What's up guys,
I'm creating a login system now and I want to secure it against session hijacking (I read up on it on the PHP Security Consortium website). I have one problem though: I use the session variable to store the user_id, so that I can load the right content from the database when it's needed. However, instead of a session that looks like, for example, '58', where 58 is the user_id, it now looks like:
585C2reaY2wXT9bR92hgtQnXlcKcxBtWqa8DArzgElQv69L3JgYoO96Ra8CbXHz518Z9ltKn3fK0tL3C2nMbFXdUr8T0HWUHZGgYOsvx2eNTf3JuMlKi/cTTqpqDLGuXtBEa+cgKhgxXgh9QviFgbc50Js/vbpTZ4BmKArgt4kvQE=
The first two numbers, the 58, are the user_id. The rest is the user agent of the logged-in user, which is encrypted.
My question is, how can I separate the user_id from the encrypted user_agent to use the user_id to do all the right SQL queries and load the right data? So I have to cut the session identifier at the top into two pieces: the first piece is the user_id, the second piece the encrypted user_agent.
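
An added example, not part of the original post: in the value shown, the encrypted part itself begins with a digit (the `5` right after `58`), so the combined string cannot be split reliably by position or by leading digits. This sketch keeps the two values under separate session keys instead. The key names `user_id` and `ua_hash` and the function names are assumptions, and a SHA-256 hash of the user agent stands in for the poster's encryption.

```php
<?php
// Added example, not from the original post. $session stands in for
// $_SESSION after session_start(); key and function names are assumptions.

// One-way fingerprint of the user agent: it is only ever compared, never
// decrypted, so a hash replaces the encrypted string.
function ua_fingerprint(string $userAgent): string
{
    return hash('sha256', $userAgent);
}

// Call after a successful login (a real handler would also call
// session_regenerate_id(true) at this point).
function login_session(array &$session, int $userId, string $userAgent): void
{
    $session['user_id'] = $userId;
    $session['ua_hash'] = ua_fingerprint($userAgent);
}

// Returns the user id for SQL queries, or null when nobody is logged in or
// the user agent no longer matches the one seen at login.
function current_user_id(array $session, string $userAgent): ?int
{
    if (!isset($session['user_id'], $session['ua_hash'])) {
        return null;
    }
    // hash_equals() compares the two hashes in constant time.
    if (!hash_equals($session['ua_hash'], ua_fingerprint($userAgent))) {
        return null;
    }
    return (int) $session['user_id'];
}

// Why the concatenated form cannot be split: constructed sample whose
// encoded part begins with a digit, like the value in the post.
$combined = '58' . '5Cxyz';
preg_match('/^\d+/', $combined, $m);
var_dump($m[0]);   // leading digits of the combined string, not the id alone

$session = [];
$ua = 'Mozilla/5.0 (constructed sample)';
login_session($session, 58, $ua);
var_dump(current_user_id($session, $ua));
var_dump(current_user_id($session, 'OtherBrowser/1.0 (constructed sample)'));
```

The integer returned by `current_user_id()` can be bound directly as a parameter in a prepared SQL statement.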