function fp_get_session_str

6.x fp_get_session_str()
7.x fp_get_session_str()

This function will provide the session_id as a string, as well as a secret token we can use to make sure the session_id is authentic and came from us and not a hacker.


includes/, line 1655
This file contains misc functions for FlightPath


function fp_get_session_str() {
  $session_id = session_id(); // Get the PHP session_id
  $ip = @$_SERVER ["REMOTE_ADDR"];
  if ($ip == "") {
    $ip = "000";

  // NOTE: We cannot use fp_token() here, since the get function (below) is called before the various bootstrap files are loaded.

  // Create a string where we can confirm the ip and server name the session came from.
  // TODO: Might be able to add more entropy later on, as long as it does not involve the database, since bootstrap isn't loaded yet when validating.  
  $str = $session_id . "~_" . md5($session_id . $ip . php_uname('n'));

  return $str;