help: How to track user session with fastcgi
Valery Kholodkov
valery+mydns at grid.net.ru
Thu Oct 25 15:34:26 MSD 2007
> If you want some way to assign session id to user for security/external
> data storage identifier etc (the "sessions" in php's meaning) - you should
> use other means to generate them.
>
> Note: cookies generated by userid module shouldn't be used as security
> identifier, since malicious user can easily guess other user's cookie.
You could implement signed cookies like OpenACS or Django do:
http://openacs.org/doc/current/security-design.html
http://code.djangoproject.com/ticket/3285
--
Kind regards,
Valery Kholodkov
More information about the nginx
mailing list