The HTTP_USER_AGENT doesn't identify unique users. It only identifies the
browser type/version (assuming it hasn't been messed with).


--Joe Breeden
---------------------------------------
If it compiles - Ship It!
Aranea Texo

> -----Original Message-----
> From: Jon Robison [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 16, 2001 10:40 AM
> To: [EMAIL PROTECTED]
> Cc: Jonathan E. Paton; [EMAIL PROTECTED]
> Subject: Re: Doing Authorization using mod_perl from a programmers
> perspective
> 
> 
> fliptop wrote:
> > 
> > Jon Robison wrote:
> > >
> > > The most relevant section for you is the Ticket system he describes. (I
> > > believe the section header says something about Cookies, but you'll know
> > > you have the right one when you see TicketAccess.pm, TicketTools.pm, and
> > > TicketMaster.pm. One nice addition is the ability to add encryption to
> > > the Ticket, and the fact that the author used an MD5 hash (of an MD5
> > > hash!) in the cookie, so verification of the authenticity of the user is
> > > pretty solid so long as you leave in things like ip address, etc. which
> > > he uses in the cookie by default. (Although AOL and some proxy systems
> > > might cause this to be trouble).  AND, he also uses a mysql db for the
> > 
> > i have found that using the HTTP_USER_AGENT environment variable instead
> > of ip address solves the problem with proxy servers and the md5 hash.
> > anyone ever tried this as a simple workaround?
> 
> I think one problem with that is that it fails to uniquely identify the
> person.
> 
> Someone please tell me if I am wrong - does the USER_AGENT field get
> some kind of special serial number from the browser, or is it just a
> version identifier?
> 
> Best example - large company with 1000 PC's, all with same Netscape
> installed.  How then does the HTTP_USER_AGENT field delineate between
> PC's?
> 
> --Jon
> 
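
The trade-off discussed in this thread, as an added example that is not part of any message here and is not the TicketTools.pm code the thread refers to. It assumes a hypothetical field layout, secret and helper names (`make_ticket`, `ticket_ok`) and uses constructed addresses and a constructed User-Agent string; it checks an IP-bound and an agent-bound ticket against the same three requests, where the agent-bound ticket is accepted for every request that sends the same browser string, including one from a different PC.

```perl
#!/usr/bin/perl
# Added example with constructed values; not code from the thread or the book.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my $SECRET = 'constructed-server-secret';   # assumption: secret known only to the server

# MD5 of an MD5 over the ticket fields plus one client attribute ("binding").
# The field order is an assumption made for this example.
sub make_ticket {
    my ($user, $issued, $binding) = @_;
    my $inner = md5_hex(join ':', $SECRET, $binding, $issued, $user);
    return { user => $user, issued => $issued, hash => md5_hex($SECRET . $inner) };
}

# Recompute the hash from the attribute the current request presents.
sub ticket_ok {
    my ($ticket, $binding) = @_;
    my $inner = md5_hex(join ':', $SECRET, $binding, $ticket->{issued}, $ticket->{user});
    return $ticket->{hash} eq md5_hex($SECRET . $inner);
}

# Constructed User-Agent: identical on every PC with the same browser install.
my $ua = 'Mozilla/4.78 [en] (Windows NT 5.0; U)';

# Constructed requests: [label, source IP, User-Agent]
my @requests = (
    ['owner, same proxy',      '192.0.2.10',   $ua],
    ['owner, different proxy', '192.0.2.11',   $ua],
    ['other PC, same browser', '198.51.100.7', $ua],
);

my $issued   = 1005925200;                                  # constructed timestamp
my $by_ip    = make_ticket('alice', $issued, '192.0.2.10'); # bound to issuing IP
my $by_agent = make_ticket('alice', $issued, $ua);          # bound to User-Agent

printf "%-24s %-10s %s\n", 'request', 'ip-bound', 'agent-bound';
for my $r (@requests) {
    my ($label, $ip, $agent) = @$r;
    printf "%-24s %-10s %s\n", $label,
        (ticket_ok($by_ip,    $ip)    ? 'accept' : 'reject'),
        (ticket_ok($by_agent, $agent) ? 'accept' : 'reject');
}
```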
