Security issue
Hi everybody,
I have a big question for you:
in native PHP, in order to check a user's authentication, we used to perform an action like this:
if($_SESSION["auth"]) echo "authenticated";
else exit();
but using ZF, in order to check the privilege, we have to call Zend_Auth::getInstance(),
which creates a session cookie even if the visitor isn't authenticated, don't we?
After that we have a cookie for session!
Please let me know if I am right and/or show me a workaround.
Thank you
Cheers, Fabrizio