[fw-general] Session ID Protection

2008-09-30 Thread Robert Castley
The following article highlights security issues with session IDs. It also goes on to say not to use URL re-writes. How does this affect ZF? The quick test provided in the link does indeed expose my session ID when using Zend_Auth.

Re: [fw-general] Session ID Protection

2008-09-30 Thread keith Pope
This is addressed by Zend_Session already. You should make sure that you re-generate the session ID for every request; I usually include Zend_Session::regenerateId() in my bootstrap. I would suggest reading the reference:

RE: [fw-general] Session ID Protection

2008-09-30 Thread Robert Castley
Don't you just love ZF, they think of everything :-) Thanks!

-Original Message-
From: keith Pope [mailto:[EMAIL PROTECTED]
Sent: 30 September 2008 11:05
To: fw-general@lists.zend.com
Subject: Re: [fw-general] Session ID Protection

This is addressed by Zend_Session already. You should

Re: [fw-general] Session ID Protection

2008-09-30 Thread Matthew Ratzloff
][EMAIL PROTECTED]]
Sent: 30 September 2008 11:05
To: fw-general@lists.zend.com
Subject: Re: [fw-general] Session ID Protection

This is addressed by Zend_Session already. You should make sure that you re-generate the session id for every request, I usually include Zend_Session::regenerateId
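
A bootstrap fragment for the setup discussed in this thread, as an added example that is not from any of the posters or from Zend's own code. It assumes Zend Framework 1 is on the include path and that the site is served over HTTPS; the option values are illustrative.

```php
<?php
// Added example: session setup in a ZF1 bootstrap, before any output is sent.
require_once 'Zend/Session.php';

// Each key below is passed through to the matching session.* ini directive.
Zend_Session::setOptions(array(
    // Accept the session ID from the cookie only, never from the URL.
    'use_only_cookies' => 1,
    // Do not let PHP rewrite links and forms to carry the session ID.
    'use_trans_sid'    => 0,
    // Keep the cookie out of reach of client-side script.
    'cookie_httponly'  => 1,
    // Assumption: HTTPS only, so the cookie never travels in clear text.
    'cookie_secure'    => 1,
));

Zend_Session::start();

// Per-request regeneration, as suggested in the thread: the ID seen in one
// request is replaced before the next one, while the session data is kept.
Zend_Session::regenerateId();
```

With cookie-only transport and `use_trans_sid` off, the session ID no longer appears in generated links, which is the exposure the original question's quick test looks for.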