Todd White <[EMAIL PROTECTED]> writes:
> i'm sure this is not a novel need, but i have failed to find or come up
> with just yet any (non-cookie) solution yet. i'm trying dearly to avoid
> cookies, but if that's the best or only way to do this, feel free to speak
> up. i'd love to hear from some
from a user or a session getting dropped because the data got
lost. It certainly avoids the potential controversy that may come up over cookies.
Chuck
-Original Message-
From: Robert Landrum [mailto:[EMAIL PROTECTED]
Sent: Friday, April 04, 2003 11:53 AM
To: [EMAIL PROTECTED]
Subject
> On Fri, Apr 04, 2003 at 10:13:59PM +0200, Frank Maas wrote:
>> On the latter I totally agree. To avoid the session snatching you
>> describe, you can store IP addresses on your site in the database.
>> You won't solve proxyserver-problems with this though. So what about
>> the following approach:
On Fri, Apr 04, 2003 at 10:13:59PM +0200, Frank Maas wrote:
> On the latter I totally agree. To avoid the session snatching you
> describe, you can store IP addresses on your site in the database.
> You won't solve proxyserver-problems with this though. So what about
> the following approach:
>
> On Fri, Apr 04, 2003 at 03:34:25PM +0200, Frank Maas wrote:
>> You can set a session (see Apache::Session and related modules) that
>> can use the uri as session-container as well (eg
>> http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session
>> part (9o79876a98d7fa98d7) can be stored
On Fri, Apr 04, 2003 at 03:34:25PM +0200, Frank Maas wrote:
> You can set a session (see Apache::Session and related modules) that
> can use the uri as session-container as well (eg
> http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session
> part (9o79876a98d7fa98d7) can be stored in a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 03 April 2003 20:33, Perrin Harkins wrote:
> Of course you could also just totally prevent people from logging in
> again if there is already an active session for that user, but that
> will cause problems because your sessions will not get
Todd White wrote:
realizing that ultimately people can share their username/password to a
for-fee protected web site, we would at *least* like to avoid the
possibility that two people could both be logged in at the same time from
two different computers. the use of IP address doesn't seem adequate
Todd,
> realizing that ultimately people can share their username/password to
> a for-fee protected web site, we would at *least* like to avoid the
> possibility that two people could both be logged in at the same time
> from two different computers. the use of IP address doesn't seem
> adequate