Todd White [EMAIL PROTECTED] writes:
i'm sure this is not a novel need, but i have failed to find or come up
with just yet any (non-cookie) solution yet. i'm trying dearly to avoid
cookies, but if that's the best or only way to do this, feel free to speak
up. i'd love to hear from someone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 03 April 2003 20:33, Perrin Harkins wrote:
Of course you could also just totally prevent people from logging in
again if there is already an active session for that user, but that
will cause problems because your sessions will not get
On Fri, Apr 04, 2003 at 03:34:25PM +0200, Frank Maas wrote:
You can set a session (see Apache::Session and related modules) that
can use the uri as session-container as well (eg
http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session
part (9o79876a98d7fa98d7) can be stored in a
On Fri, Apr 04, 2003 at 03:34:25PM +0200, Frank Maas wrote:
You can set a session (see Apache::Session and related modules) that
can use the uri as session-container as well (eg
http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session
part (9o79876a98d7fa98d7) can be stored in a
On Fri, Apr 04, 2003 at 10:13:59PM +0200, Frank Maas wrote:
On the latter I totally agree. To avoid the session snatching you
describe, you can store IP addresses on your site in the database.
You won't solve proxyserver-problems with this though. So what about
the following approach:
*
On Fri, Apr 04, 2003 at 10:13:59PM +0200, Frank Maas wrote:
On the latter I totally agree. To avoid the session snatching you
describe, you can store IP addresses on your site in the database.
You won't solve proxyserver-problems with this though. So what about
the following approach:
getting dropped because the data got
lost. It certainly avoids the potential controversy that may come up over cookies.
Chuck
-Original Message-
From: Robert Landrum [mailto:[EMAIL PROTECTED]
Sent: Friday, April 04, 2003 11:53 AM
To: [EMAIL PROTECTED]
Subject: Re: stopping concurrent