[dev] Re: [cvs] commit: horde login.php imp redirect.php
Jon Parise
jon at horde.org
Sat Feb 8 18:06:36 PST 2003
On Fri, Feb 07, 2003 at 11:36:42AM -0800, Chuck Hagenbuch wrote:
> chuck 2003/02/07 11:36:42 PST
>
> Modified files:
> . login.php
> . redirect.php
> Log:
> Attempt to make sure that logins *always* use a fresh session. This
> should help with session fixation issues if it works.
>
> I would REALLY appreciate testing/feedback on this. It seems to work
> fine here, but verification that it a). works and b). does what it's
> supposed to would be great.
I think it deserves a block comment explaining the reasoning behind
re-creating the session. The logic itself looks sound, although I
haven't tested it myself.
--
Jon Parise (jon at horde.org) :: The Horde Project (http://horde.org/)
More information about the dev
mailing list