[EMAIL PROTECTED] wrote: > On Saturday 04 January 2003 04:28, Randall Randall wrote: > > Anyway, session id are usually made by a combined > user-agent/remote_add/agent-langage ..etc some stuff that it > more unique as possible and you just need to check it validation > by marshall all the ENV_VAR pushed by the client. By this way > even a stollen SID make it hard to use. > > I never used the SID of webware, but I think it should use this > mecanism
Currently I have an option in my sites to track IP, so if the client wants to be somewhat more secure against session hijacking at the cost of not being able to connect from behind some proxying firewalls, they can do so. -- Randall Randall <[EMAIL PROTECTED]> "[The] poetic justice of cause and effect compels respect, compassion." -- Faithless, God is a DJ. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
