I use this for session:
$populate = array('foo' => 'bhkjhr');
$config = new StandardConfig();
$config->setOptions(array(
'remember_me_seconds' => 1800,
'name' => 'zf2',
'use_cookies' => true,
));
$manager = new SessionManager($config);
$manager->regenerateId(true);
$manager->setStorage(new SessionArrayStorage($populate));
$manager->getValidatorChain()->attach('session.validate', array(new
HttpUserAgent(), 'isValid'));
$manager->getValidatorChain()->attach('session.validate', array(new
RemoteAddr(), 'isValid'));
1) But I don't see a cookie named 'zf2'. I just see PHPSESSID. what mistake
I did?
2) I see user agent and ip are set, but I tried to copy id from IE to FF and
still got the session printed, how this validator prevents hijacking?
--
View this message in context:
http://zend-framework-community.634137.n4.nabble.com/ZF-session-tp4661915.html
Sent from the Zend Framework mailing list archive at Nabble.com.
--
List: [email protected]
Info: http://framework.zend.com/archives
Unsubscribe: [email protected]
