What is doing session-fixation-protection??? I resolved session fixation problem saving the ip address of authenticated users, and a filter that always check if ipaddress of the request Is the same that I was save when the user succefully authenticate. Is this method insecure?? I do this because I still use Acegi 1.0.4 and I never heard about acegi session-fixation-protection
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer