Hi everyone.
This is my first post.
I have been using Yii for about 6 months.
I have a question about Yii sessions and how they are used to track login status.
Consider the following code:
<?php
echo "<pre>";
print_r($_SESSION);
echo "</pre>";
?>
When the user is logged in, this outputs:
Array
(
    [f0cbf2f89cd6912637d16c3de5031ac5__id] => 2
    [f0cbf2f89cd6912637d16c3de5031ac5__name] => user
    [f0cbf2f89cd6912637d16c3de5031ac5__states] => Array
        (
        )
)
Now if I write this code:
$_SESSION['f0cbf2f89cd6912637d16c3de5031ac5__name']='admin';
$_SESSION['f0cbf2f89cd6912637d16c3de5031ac5__id']=1;
This logs in the user as an admin.
My question is this: What is the "f0cbf2f89cd6912637d16c3de5031ac5" part?
How is this ID generated?
This seems to be constant and does not change from one browser to the other, and from one computer to the other.
Isn’t this a security flaw?
Thanks for your help!