On Thu, Sep 24, 2009 at 02:31:48PM +0200, Sen Haerens wrote:
> Igor Sysoev wrote:
> > I'm curious to know how do you plan to use it ?
>
> It can be a secure value to check against and prevent session hijacking.
> http://en.wikipedia.org/wiki/Session_fixation#Solution:_Utilize_SSL_.2F_TLS_Session_identifier
The attached patch adds $ssl_session_id variable.
--
Igor Sysoev
http://sysoev.ru/en/
Edited 1 time(s). Last edit at 09/24/2009 11:22AM by Jim Ohlstein.
Attachments:
open |
download -
patch.ssl_session_id
(2.2 KB)