According to php.net: There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users.
This begs the question, how do you have the session ID but unable to access the script?
Regardless, you would need to set the session ID and then start it...then access the data.
session_id($whatever_id_you_have);
session_start();
echo $_SESSION['somekey'];
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
