Hello,
First of all I wanted to thank you all for putting together this
wonderful framework. My name is Rohit Sethi and I work for a company
called Security Compass that specializes in application security. My
field of research is on Java EE web application security, and I'm
currently leading
The main reason Session ID-IP address correlation is infrequently used
is due to changes in IP addresses; namely, the AOL Proxy
(http://webmaster.info.aol.com/proxyinfo.html) makes this difficult
for widespread, Internet-facing applications
Luke is right about IP spoofing, although this can still