fliptop wrote: > > Jon Robison wrote: > > > > The most relevant section for you is the Ticket system he describes. (I > > believe the section header says something about Cookies, but you'll know > > you have the right one when you see TicketAccess.pm, TicketTools.pm, and > > TicketMaster.pm. One nice addition is the ability to add encryption to > > the Ticket, and the fact that the author used an MD5 hash (of an MD5 > > hash!) in the cookie, so verification of the authenticity of the user is > > pretty solid so long as you leave in things like ip address, etc. which > > he uses in the cookie by default. (Although AOL and some proxy systems > > might cause this to be trouble). AND, he also uses a mysql db for the > > i have found that using the HTTP_USER_AGENT environment variable instead > of ip address solves the problem with proxy servers and the md5 hash. > anyone ever tried this as a simple workaround?
I think one problem with that is that is fails to uniquely identify the person. Someone please tell me if I am wrong - does the USER_AGENT field get some kind of special serial number from the browser, or is it just a version identified? Best example - large company with 1000 PC's, all with same Netscape installed. How then does the HTTP_USER_AGENT field deliniate between PC's? --Jon
