SSL session_id variable

Sen Haerens lists at ruby-forum.com
Thu Sep 24 16:31:48 MSD 2009


Igor Sysoev wrote:
>  I'm curious to know how do you plan to use it ?

It can be a secure value to check against and prevent session hijacking.
http://en.wikipedia.org/wiki/Session_fixation#Solution:_Utilize_SSL_.2F_TLS_Session_identifier
-- 
Posted via http://www.ruby-forum.com/.





More information about the nginx mailing list