Todd White <[EMAIL PROTECTED]> writes:
> i'm sure this is not a novel need, but i have failed to find or come up
> with just yet any (non-cookie) solution yet. i'm trying dearly to avoid
> cookies, but if that's the best or only way to do this, feel free to speak
> up. i'd love to hear from some
from a user or a session getting dropped because the data got
lost. It certainly avoids the potential controversy that may come up over cookies.
Chuck
-Original Message-
From: Robert Landrum [mailto:[EMAIL PROTECTED]
Sent: Friday, April 04, 2003 11:53 AM
To: [EMAIL PROTECTED]
Subject
> On Fri, Apr 04, 2003 at 10:13:59PM +0200, Frank Maas wrote:
>> On the latter I totally agree. To avoid the session snatching you
>> describe, you can store IP addresses on your site in the database.
>> You won't solve proxyserver-problems with this though. So what about
>> the following approach:
On Fri, Apr 04, 2003 at 10:13:59PM +0200, Frank Maas wrote:
> On the latter I totally agree. To avoid the session snatching you
> describe, you can store IP addresses on your site in the database.
> You won't solve proxyserver-problems with this though. So what about
> the following approach:
>
> On Fri, Apr 04, 2003 at 03:34:25PM +0200, Frank Maas wrote:
>> You can set a session (see Apache::Session and related modules) that
>> can use the uri as session-container as well (eg
>> http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session
>> part (9o79876a98d7fa98d7) can be stored
On Fri, Apr 04, 2003 at 03:34:25PM +0200, Frank Maas wrote:
> You can set a session (see Apache::Session and related modules) that
> can use the uri as session-container as well (eg
> http://www.example.com/9o79876a98d7fa98d7/path/to/doc). The session
> part (9o79876a98d7fa98d7) can be stored in a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thursday 03 April 2003 20:33, Perrin Harkins wrote:
> Of course you could also just totally prevent people from logging in
> again if there is already an active session for that user, but that
> will cause problems because your sessions will not get
Todd White wrote:
realizing that ultimately people can share their username/password to a
for-fee protected web site, we would at *least* like to avoid the
possibility that two people could both be logged in at the same time from
two different computers. the use of IP address doesn't seem adequate
Todd,
> realizing that ultimately people can share their username/password to
> a for-fee protected web site, we would at *least* like to avoid the
> possibility that two people could both be logged in at the same time
> from two different computers. the use of IP address doesn't seem
> adequate
i'm sure this is not a novel need, but i have failed to find or come up
with just yet any (non-cookie) solution yet. i'm trying dearly to avoid
cookies, but if that's the best or only way to do this, feel free to speak
up. i'd love to hear from someone who has already tackled the problem of
stopp
10 matches
Mail list logo
