How does a server in PHP identify a user by session?

D

Dmitry Yakovlev2014-06-24 08:33:32

PHP

Dmitry Yakovlev, 2014-06-24 08:33:32

As you know, the session uses a cookie to identify the user. What if you disable cookies?
Then the server will determine by ip address and user agent. But in this case, there is a chance to confuse the user who goes through the proxy.
Real life case : I opened google and saw someone else's email in the upper right corner, this email belonged to my colleague, but she never sat down at my computer. How can I log into google using someone else's account? At work, we access the Internet through a proxy

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

V

Vitaly Zheltyakov, 2014-06-24
@VitaZheltyakov

"Then the server will determine the ip address and the user agent. But in this case, there is a chance to confuse the user who goes through the proxy."
- No, it's not.
If cookies are disabled, then if allowed, the url parameter is used (added to the end). Or sessions do not work at all. There is no definition by IP and useragent

N

neol, 2014-06-24
@neol

How can I log into google using someone else's account? At work, we access the Internet through a proxy

Most likely caching on a proxy server is crookedly configured.

A

Alexey, 2014-06-24
@rdifb0

www.php.net/manual/en/session.idpassing.php

A

AxisPod, 2014-06-24
@AxisPod

Not everything that is done is done in PHP. And even more so Google does not communicate with php. But a proxy with a clumsy caching setting gives this all the time.

D

Dmitry S, 2014-06-24
@Hakkunamatata

"Then the server will determine by ip address and user agent." - this is nonsense