Regenerating the Session ID on Login using the Zend Framework

Written by James Mansson on December 31, 2013 Categories: Session Hijacking, Zend Framework 1

It is good security practice to regenerate the session ID following a successful login, in order to guard against the session being hijacked. This could occur should an attacker gain access to the session ID stored in a cookie prior to login.

Zend Framework 1 offers a simple static function call which forces a regeneration of the session ID:

Zend_Session::regenerateId();

You should add a call to this function following a successful login by the user.
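
As an added example (not code from the original post or from Zend Framework itself), here is a login action that calls Zend_Session::regenerateId() only after Zend_Auth reports a valid result. The App_Auth_Adapter class, the users table and its columns, and the use of password_hash()/password_verify() (PHP 5.5+) are assumptions made for illustration.

```php
<?php
// Added example. Assumed: a "users" table with "username" and "password_hash"
// columns (hashes from password_hash(), PHP 5.5+) and a default Zend_Db adapter.
class App_Auth_Adapter implements Zend_Auth_Adapter_Interface   // hypothetical name
{
    private $_username;
    private $_password;

    public function __construct($username, $password)
    {
        $this->_username = (string) $username;
        $this->_password = (string) $password;
    }

    public function authenticate()
    {
        $row = Zend_Db_Table::getDefaultAdapter()->fetchRow(
            'SELECT username, password_hash FROM users WHERE username = ?',
            array($this->_username)
        );
        if ($row && password_verify($this->_password, $row['password_hash'])) {
            return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $row['username']);
        }
        // Same failure result for an unknown user and a wrong password.
        return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null);
    }
}

class AuthController extends Zend_Controller_Action
{
    public function loginAction()
    {
        $request = $this->getRequest();
        if (!$request->isPost()) {
            return; // GET request: just render the login form
        }
        $adapter = new App_Auth_Adapter($request->getPost('username'), $request->getPost('password'));
        $result  = Zend_Auth::getInstance()->authenticate($adapter);
        if (!$result->isValid()) {
            $this->view->error = 'Invalid username or password.';
            return; // failed login keeps the anonymous session unchanged
        }
        // Login succeeded: swap the session ID so an ID that was obtained
        // before authentication no longer maps to this session.
        Zend_Session::regenerateId();
        $this->_helper->redirector('index', 'index');
    }
}
```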

You can find more about this function in the appropriate part of the Zend Framework documentation.
