Hello,

My problem is this: I wish to have extremely highly secure sessions.  I have
instituted full SSL, tuned apache, and set the web server security such that
there is very low possibility of internal session hijacking.  However, I am
concerned about the session fixation problem (as well as a direct attack on
the client box yielding the cookie contents), and would like to take into
consideration a user's browser SSL certificate as a fairly reliable
session-duration indicator that I am talking to the proper client throughout
the session.  However I cannot find any environment variable or server
variable that suggests what the CLIENT's SSL information might be, only what
my server's certificates say.  This is a fairly common recommendation on the
'net, and I must be a dunce but I cannot find out how to retrieve this
information in PHP.  Could someone kindly point me in the direction of the
right variable here?  Thanks!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
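
An added example, not part of the original message, of the session-to-certificate binding the post describes. It assumes Apache mod_ssl configured with `SSLVerifyClient require` and `SSLOptions +StdEnvVars`, which export the `SSL_CLIENT_*` variables into `$_SERVER`; the function names and the `cert_id` session key are hypothetical.

```php
<?php
// Added example. Assumes mod_ssl with "SSLVerifyClient require" and
// "SSLOptions +StdEnvVars" so SSL_CLIENT_* variables reach PHP in $_SERVER.

// Stable identifier for the verified client certificate, or null if none.
function client_cert_id(array $server): ?string
{
    $verify = $server['SSL_CLIENT_VERIFY'] ?? 'NONE';
    $issuer = $server['SSL_CLIENT_I_DN'] ?? '';
    $serial = $server['SSL_CLIENT_M_SERIAL'] ?? '';
    // SSL_CLIENT_VERIFY is SUCCESS only when mod_ssl validated the chain.
    if ($verify !== 'SUCCESS' || $issuer === '' || $serial === '') {
        return null;
    }
    // Issuer DN plus serial number identifies one certificate of that CA.
    return hash('sha256', $issuer . "\0" . $serial);
}

// Returns 'bound' on first use, 'ok' on a match, 'reject' otherwise.
function check_session_binding(array $server, array &$session): string
{
    $id = client_cert_id($server);
    if ($id !== null && !isset($session['cert_id'])) {
        $session['cert_id'] = $id; // first verified request binds the session
        return 'bound';
    }
    return ($id !== null && hash_equals($session['cert_id'], $id)) ? 'ok' : 'reject';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample values so the logic can be run offline.
    $a = ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_I_DN' => 'CN=Example CA',
          'SSL_CLIENT_M_SERIAL' => '0A1B'];
    $b = ['SSL_CLIENT_M_SERIAL' => '0A1C'] + $a; // same CA, different certificate
    $s = [];
    foreach ([$a, $a, $b, []] as $request) {
        echo check_session_binding($request, $s), "\n";
    }
} else {
    session_start();
    $state = check_session_binding($_SERVER, $_SESSION);
    if ($state === 'bound') {
        session_regenerate_id(true); // discard any pre-set (fixated) session id
    } elseif ($state === 'reject') {
        session_destroy();
        http_response_code(403);
        exit('Client certificate missing or not the one bound to this session.');
    }
}
```

Without `SSLVerifyClient` set to `require` or `optional`, the server never requests a client certificate and only the server-side `SSL_SERVER_*` variables are populated.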
