ktomk · October 7, 2011 15:02
diff --git a/session_id_validator_fragment.php b/session_id_validator_fragment.php
 <?php
    /**
     * validate string session id
     *
     * @see http://www.devnetwork.net/viewtopic.php?f=34&t=88685#p520259
     *
     * @param string $sessionId
     * @return bool
     */
    public function isValidId($sessionId)
    {
        $strId = (string) $sessionId;
        if ($strId !== $sessionId) return FALSE;

        // session.hash_bits_per_character: '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",")
        // session.hash_function: '0' means MD5 (128 bits) and '1' means SHA-1 (160 bits).
        // len: 22 (128bits, 6 bits/char), 40 (160bits, 4 bits/char)
        return (bool) preg_match('/^[0-9a-zA-Z,-]{22,40}$/', $strId);
    }
	<?php
	/**
	* validate string session id
	*
	* @see http://www.devnetwork.net/viewtopic.php?f=34&t=88685#p520259
	*
	* @param string $sessionId
	* @return bool
	*/
	public function isValidId($sessionId)
	{
	$strId = (string) $sessionId;
	if ($strId !== $sessionId) return FALSE;

	// session.hash_bits_per_character: '4' (0-9, a-f), '5' (0-9, a-v), and '6' (0-9, a-z, A-Z, "-", ",")
	// session.hash_function: '0' means MD5 (128 bits) and '1' means SHA-1 (160 bits).
	// len: 22 (128bits, 6 bits/char), 40 (160bits, 4 bits/char)
	return (bool) preg_match('/^[0-9a-zA-Z,-]{22,40}$/', $strId);
	}