Security options (Update documentation to include details on session security) #18
Comments
Yes, there are, although at first glance they're not as explicit as the First I'd review your
Here's an example of the output of the cookie section of the
The output will recommend some changes to your cookie settings which you can either implement directly in your

```php
use Zend\Session\Config\SessionConfig;

$sessionConfig = new SessionConfig();
$sessionConfig->setOptions(array(
    'cookie_secure' => true,                    // send the session cookie over HTTPS only
    'remember_me_seconds' => 60 * 60 * 24 * 7,  // one week
));
```

(RE:

The PHP documentation on Sessions and security is excellent. I highly recommend reviewing it to better understand your options when it comes to securing sessions. The Zend\Session documentation is not as clear as it could be, but it does show all of the settings available to

I'll add examples to the Slim Auth sample implementation as soon as I get the chance.
Thanks for the excellent question, by the way. I'll make sure to update the documentation to include details on Zend\Session and session security.

Thank YOU Jeremy, I'll look into this asap!

With the old solution, using SessionCookie, I was able to set some encryption- and secret key-options. Are there any security related options I should set using Zend sessions?
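
The cookie-settings review recommended in the reply above can also be done with a few lines of plain PHP. The script below is an added example, not code from this thread or from the project; the baseline values and the function names `auditSessionSettings` and `currentSessionSettings` are assumptions of the example, and the sample settings are constructed.

```php
<?php
// Added example: the baseline below is this example's assumption, not the project's.
const SESSION_BASELINE = [
    // directive => [expected boolean value, reason]
    'session.cookie_secure'    => [true,  'send the session cookie over HTTPS only'],
    'session.cookie_httponly'  => [true,  'keep the cookie out of reach of JavaScript'],
    'session.use_only_cookies' => [true,  'never accept a session ID from the URL'],
    'session.use_strict_mode'  => [true,  'reject session IDs the server did not issue'],
    'session.use_trans_sid'    => [false, 'never append the session ID to links'],
];

// Compare a directive => value map with the baseline and return the findings.
function auditSessionSettings(array $settings): array
{
    $findings = [];
    foreach (SESSION_BASELINE as $directive => [$expected, $why]) {
        // ini values arrive as "1", "", "On", "Off", ...; normalize to a boolean.
        $actual = filter_var($settings[$directive] ?? '', FILTER_VALIDATE_BOOLEAN);
        if ($actual !== $expected) {
            $findings[] = sprintf('%s should be %s: %s', $directive, $expected ? 'On' : 'Off', $why);
        }
    }
    // SameSite is a string directive (PHP 7.3+); empty means the attribute is not sent.
    $sameSite = ucfirst(strtolower((string) ($settings['session.cookie_samesite'] ?? '')));
    if (!in_array($sameSite, ['Lax', 'Strict'], true)) {
        $findings[] = 'session.cookie_samesite should be Lax or Strict: limit cross-site sending of the cookie';
    }
    return $findings;
}

// Read the values the running PHP process would actually use.
function currentSessionSettings(): array
{
    $settings = [];
    foreach (array_merge(array_keys(SESSION_BASELINE), ['session.cookie_samesite']) as $name) {
        $settings[$name] = ini_get($name); // false when the directive is unknown to this PHP
    }
    return $settings;
}

// Constructed sample: a permissive configuration, to show what gets flagged.
$sample = ['session.cookie_secure' => '', 'session.cookie_httponly' => '', 'session.use_only_cookies' => '1',
           'session.use_strict_mode' => '0', 'session.use_trans_sid' => '0', 'session.cookie_samesite' => ''];

foreach (auditSessionSettings($sample) as $finding) {
    echo "[sample]  $finding\n";
}
foreach (auditSessionSettings(currentSessionSettings()) as $finding) {
    echo "[runtime] $finding\n";
}
```

Run it with the same PHP binary and ini file as the web application; the CLI often loads a different php.ini than the web server.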