On Thu, 2005-01-27 at 22:44 -0700, Gordon Haverland wrote:
> What am I working on in particular? Well, I really don't want to
> see any sessions of my project get hijacked. So, reading
> PerlMonks and other stuff, I happened across a comment by Randal
> Schwartz about "branding" a browser session. So, I am putting
> the IP, user agent, sessionID, and a few other things, along with
> an HMAC_SHA1 digest of that data and a 160-bit random number into
> the values part of a cookie (session cookie).

I suggest you avoid using IP, unless this is an intranet site where you
have control over the network. Users who come through proxies (i.e. AOL
and other large ISPs) can change their IP on every request.

- Perrin
_______________________________________________
maypole mailing list
maypole at lists.netthink.co.uk
http://lists.netthink.co.uk/listinfo/maypole
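
An added example, not part of the original thread and not Maypole code: the branded session cookie described in the quoted message, written in Perl with the IP binding made optional, so that a UA-only brand still verifies when the client's address changes between requests while an IP-bound brand is rejected. The cookie layout (`sid.nonce.mac`), the function names, the key, the user-agent string and the addresses are all constructed assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha1_hex);    # core module

# Constructed demo key; a real key is long, random and stays on the server.
my $KEY = 'constructed-demo-key';

# 160-bit random value as hex, read from the OS CSPRNG (Unix-like systems).
sub random_160 {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 20) == 20 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# HMAC over the brand fields, each length-prefixed to keep field boundaries unambiguous.
sub brand_mac {
    return hmac_sha1_hex(join('', map { length($_) . ":$_" } @_), $KEY);
}

# Compare two MACs without stopping at the first differing character.
sub same_mac {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# $ip is optional: leave it undef to brand on user agent only.
sub make_cookie {
    my ($sid, $ua, $ip) = @_;
    my $nonce = random_160();
    return join '.', $sid, $nonce, brand_mac(grep { defined } $sid, $nonce, $ua, $ip);
}

# Returns the session ID if the brand matches this request, else undef.
sub check_cookie {
    my ($cookie, $ua, $ip) = @_;
    my ($sid, $nonce, $mac) = split /\./, $cookie, 3;
    return undef unless defined $mac;
    return same_mac($mac, brand_mac(grep { defined } $sid, $nonce, $ua, $ip)) ? $sid : undef;
}

my ($sid, $ua) = (random_160(), 'Mozilla/5.0 (constructed)');
my $ua_only  = make_cookie($sid, $ua);
my $ip_bound = make_cookie($sid, $ua, '192.0.2.10');
# The same browser's next request arrives through another proxy address.
print "UA-only brand:  ", defined(check_cookie($ua_only, $ua)) ? "ok\n" : "rejected\n";
print "IP-bound brand: ", defined(check_cookie($ip_bound, $ua, '192.0.2.77')) ? "ok\n" : "rejected\n";
```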