2017-03-31 15:58


As far as I know, webapps use session_start(); which implicitly creates the session cookie PHPSESSID to recognize their users,

but when analysing the outgoing HTTP requests to different web applications (yahoo, facebook, gmail, youtube) I didn't see this cookie in the HTTP header, but other ones:

sid, ssid, gmail_at, apisid, sapisid in gmail

datr, lu, c_user, xs, fr in facebook...

Is one of these cookies the same as PHPSESSID/JSESSID, and they renamed it? (I don't think so, they don't have the same length)

Is there another way than session_start() and URL rewriting to distinguish sessions?

Or do they manually create the session IDs with setcookie()? What is the advantage then?


1 answer

  • dtfpznrbn503027700 2017-03-31 16:02

    You can rename the session cookie and alter the hash algo.

    Try session_name($newName) to change PHPSESSID.

    Or change the cookie value itself with session_id($string).

    Also it's a server configuration/app behaviour thing. You can save your cookie-to-user relation in a file, or in a table.

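An added example, not part of the original question or answer: it shows the two approaches discussed above side by side, renaming PHP's native session cookie with session_name(), and issuing a hand-made token whose cookie-to-user relation is kept in a table. The cookie name `sid`, the `sessions` table, the function names and the user id 42 are assumptions made for illustration, and the in-memory SQLite database is constructed sample storage.

```php
<?php
declare(strict_types=1);

// Approach 1: keep PHP's native sessions, but rename and harden the cookie.
// Call this before any output in a web request.
function start_renamed_session(string $name = 'sid'): void
{
    session_name($name);                      // replaces the default PHPSESSID
    session_set_cookie_params([
        'lifetime' => 0,                      // expire when the browser closes
        'path'     => '/',
        'secure'   => true,                   // only send over HTTPS
        'httponly' => true,                   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    session_start();
}

// Approach 2: issue the token yourself and keep the token-to-user relation in a table.
function issue_token(PDO $db, int $userId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));       // 256 bits from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
    );
    // Store only a hash, so a leaked table does not yield usable cookies.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

function lookup_user(PDO $db, string $token): ?int
{
    $stmt = $db->prepare(
        'SELECT user_id FROM sessions WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Constructed demo: in-memory table, one issued token, one forged token.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
$token = issue_token($db, 42);
// In a web request the token would be sent with:
// setcookie('sid', $token, ['path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(lookup_user($db, $token));
var_dump(lookup_user($db, 'forged-value'));
```

In both approaches the cookie name and the length of its value are chosen by the application, so neither identifies the framework behind a site.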