Welcome! Log In Create A New Profile

Advanced

Re: SSL session_id variable

All files from this thread

File Name File Size   Posted by Date  
patch.ssl_session_id 2.2 KB open | download Igor Sysoev 09/24/2009 Read message
patch.ssl_session_id1 3.2 KB open | download Igor Sysoev 09/28/2009 Read message
September 24, 2009 10:52AM
On Thu, Sep 24, 2009 at 02:31:48PM +0200, Sen Haerens wrote:

> Igor Sysoev wrote:
> > I'm curious to know how do you plan to use it ?
>
> It can be a secure value to check against and prevent session hijacking.
> http://en.wikipedia.org/wiki/Session_fixation#Solution:_Utilize_SSL_.2F_TLS_Session_identifier

The attached patch adds $ssl_session_id variable.


--
Igor Sysoev
http://sysoev.ru/en/



Edited 1 time(s). Last edit at 09/24/2009 11:22AM by Jim Ohlstein.
Attachments:
open | download - patch.ssl_session_id (2.2 KB)
Subject Author Posted

SSL session_id variable

Sen Haerens September 23, 2009 11:48AM

Re: SSL session_id variable

Igor Sysoev September 24, 2009 08:22AM

Re: SSL session_id variable

Sen Haerens September 24, 2009 08:36AM

Re: SSL session_id variable Attachments

Igor Sysoev September 24, 2009 10:52AM

Re: SSL session_id variable

Sen Haerens September 27, 2009 02:44PM

Re: SSL session_id variable Attachments

Igor Sysoev September 28, 2009 06:22AM

Re: SSL session_id variable

Omar Kilani October 01, 2009 01:28AM

Re: SSL session_id variable

Igor Sysoev October 06, 2009 10:14AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 151
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready