Don't you just love ZF, they think of everything :-) Thanks!
-----Original Message-----
From: keith Pope [mailto:[EMAIL PROTECTED]
Sent: 30 September 2008 11:05
To: [email protected]
Subject: Re: [fw-general] Session ID Protection

This is addressed by Zend_Session already. You should make sure that you re-generate the session id for every request, I usually include Zend_Session::regenerateId() in my bootstrap.

I would suggest reading the reference:

http://framework.zend.com/manual/en/zend.session.global_session_management.html#zend.session.global_session_management.session_identifiers.hijacking_and_fixation

Thx

2008/9/30 Robert Castley <[EMAIL PROTECTED]>:
> The following article highlights security issues with session IDs.
> It also goes on to say not to use URL re-writes.
>
> How does this affect ZF? The quick test provided in the link does
> indeed expose my session ID when using Zend_Auth.
>
> http://www.theregister.co.uk/2008/09/29/sessionid_protection/
>
> - Robert

--
[MuTe]
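
The advice in the thread above, sketched as a bootstrap fragment. This is an added example, not code from the original messages or from the Zend Framework project; it assumes Zend Framework 1.x is on the include_path and that the site is served over HTTPS, and `loginWithFreshSession()` is a hypothetical helper name.

```php
<?php
// Added example; assumes Zend Framework 1.x is on the include_path.
require_once 'Zend/Session.php';
require_once 'Zend/Auth.php';

// Keep the session ID out of URLs: accept it from the cookie only and
// turn off PHP's transparent URL rewriting (the concern in the article).
Zend_Session::setOptions(array(
    'use_cookies'      => true,
    'use_only_cookies' => true,
    'use_trans_sid'    => false,
    'cookie_httponly'  => true,  // cookie is not readable from page scripts
    'cookie_secure'    => true,  // assumption: HTTPS-only site
));

Zend_Session::start();

// Issue a fresh ID on every request, as suggested in the reply, so a
// leaked or fixated ID is no longer accepted once the next request is served.
Zend_Session::regenerateId();

/**
 * Hypothetical login helper (not part of ZF): authenticate and make sure
 * the authenticated session never keeps a pre-login session ID.
 */
function loginWithFreshSession(Zend_Auth_Adapter_Interface $adapter)
{
    $result = Zend_Auth::getInstance()->authenticate($adapter);
    if ($result->isValid()) {
        // New ID at the privilege change; this keeps the fixation
        // protection if the per-request call above is ever removed.
        Zend_Session::regenerateId();
    }
    return $result->isValid();
}
```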
