Is it safe to make public md5 hash of other users' SESSID?
I have a chat application running on a php WebSocket server.
When a client connects, I send him an object with other users' id and nick
name. I need to send those ids so that when an user says something, or
disconnects, etc., other users can know who has said that, or has
disconnected, etc.
Server-side I work with SESSID because I use $_SESSION data, but of course
I can't make public the list of SESSID.
Then, can I use md5($userId) (where $userId is SESSID), or is it possible
to hijack a session from its md5 hash?
No comments:
Post a Comment