The following article highlights security issues with session ID's. It also goes on to say not to use URL re-writes. How does this affect ZF? The quick test provided in the link does indeed expose my session ID when using Zend_Auth. http://www.theregister.co.uk/2008/09/29/sessionid_protection/ <http://www.theregister.co.uk/2008/09/29/sessionid_protection/> - Robert
________________________________________________________________________ This email has been scanned for all known viruses by the MessageLabs Email Security Service and the Macro 4 plc internal virus protection system. ________________________________________________________________________
