Anyone know how to capture the UUID from a request? I've been looking all over the place and cant seem to find any reference to it anywhere ...
K -----Original Message----- From: Roger Davenport [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 12:55 PM To: Perrin Harkins Cc: [EMAIL PROTECTED] Subject: RE: collecting unique client (computer) specific info? Apologies.. yes, this was meant for the list!! Roger On Tue, 2003-09-02 at 14:29, Perrin Harkins wrote: Did you mean to send this to the list? It only went to me. On Tue, 2003-09-02 at 15:23, Roger Davenport wrote: > The session ID only lasts a certain time.. anywhere from a couple of > minutes to a couple of days (varies widely). SSLv2 is 16 bytes, and > SSLv3/TLS is anywhere from 1 to 32 bytes. The session ID is > essentially a value which saves the client and server from having to > handshake every time. But if you get a matching value, chances are > that you have the same machine if it's within a reasonable amount of > time. > > Roger > > On Tue, 2003-09-02 at 13:40, Perrin Harkins wrote: > > On Tue, 2003-09-02 at 14:23, kfr wrote: > > > Yes, sorry. I have a site that allows my customers to become members via > > > monthly credit card subscription. The problem is we've been getting > > > fraudulent credit card transactions and need some mechanism to detect a user > > > who is a repeat offender so I can detect them trying to submit yet another > > > bogus CC for access. > > > > Okay, that makes sense. Unfortunatey, there's no foolproof way that I'm > > aware of. To begin with, you can try using a cookie. This will stop > > anyone who is not very technical. Beyond that, I have heard that > > there's some kind of unique identifier in SSL that you may be able to > > use. I know this because the f5 big/ip load balancers used it. Check > > into that. > > > > - Perrin -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html
