sfxMichael
Posted April 7, 2009

Hi all,

I just read this article and was wondering if there are any solutions out there to solve this problem?

http://www.securityfocus.com/bid/34348/info

And I don't want to force the users to allow cookies...

Or isn't it at all dangerous??

Michael

Jan Zonjee
Posted April 7, 2009

> I just read this article and was wondering if there are any solutions out there to solve this problem?
> http://www.securityfocus.com/bid/34348/info
> And I don't want to force the users to allow cookies...

If I understand the issue correctly then I tend to think the advice I read elsewhere is correct:

admin->Configuration->Settings->Recreate session => set to true

Recreate the session to generate a new session ID when the customer logs on or creates an account (PHP >=4.1 needed).

Then when someone used a link with an osCsid session tacked on (so that that person knows what session variable you have) it will be of no use because when you log in it is changed anyway.

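The effect of the "Recreate session" setting described in the answer above, as an added example that is not part of the original posts and is not osCommerce code. It is a small in-memory model: `SessionStore`, `replay_known_id` and the sample ID and address are hypothetical names and constructed values, and the store is assumed to accept whatever session ID arrives in the link.

```python
import secrets


class SessionStore:
    """Toy in-memory session store (constructed model, not osCommerce code)."""

    def __init__(self, recreate_on_login):
        self.recreate_on_login = recreate_on_login
        self.sessions = {}  # session ID -> session data

    def start(self, sid_from_url=None):
        # Assumption: like a permissive URL-based session handler, an ID
        # supplied in the link is adopted instead of being rejected.
        sid = sid_from_url or secrets.token_hex(16)
        self.sessions.setdefault(sid, {"customer": None})
        return sid

    def login(self, sid, customer):
        data = self.sessions[sid]
        if self.recreate_on_login:
            # "Recreate session": destroy the pre-login ID and carry the
            # session data over to a fresh random one.
            del self.sessions[sid]
            sid = secrets.token_hex(16)
            self.sessions[sid] = data
        data["customer"] = customer
        return sid

    def customer_for(self, sid):
        return self.sessions.get(sid, {}).get("customer")


def replay_known_id(recreate_on_login):
    """Return the account reachable through an ID that was known before login."""
    store = SessionStore(recreate_on_login)
    known_sid = "constructed-osCsid-value"      # ID carried in a shared link
    sid = store.start(sid_from_url=known_sid)   # customer follows the link
    store.login(sid, "customer@example.test")   # customer logs on
    return store.customer_for(known_sid)


if __name__ == "__main__":
    print("Recreate session = false:", replay_known_id(False))
    print("Recreate session = true: ", replay_known_id(True))
```

With the setting off, the ID from the link still maps to the logged-in customer; with it on, that ID no longer exists after login.
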
sfxMichael (Author)
Posted April 8, 2009

Thank you Jan!

I already switched on the "Recreate Session" option so hopefully I will be fine :)

Michael