- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 1 Apr 2015 21:54:39 +0200
- To: Max Bruce <max.bruce12@gmail.com>
- Cc: Jim Manico <jim@manico.net>, Michael Sweet <msweet@apple.com>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

On Wed, Apr 01, 2015 at 12:48:36PM -0700, Max Bruce wrote:
> What about linking to several? I wrote a session system for my Web Server
> that will only allow access to the original Session ID if the IP &
> User-Agent has remained unchanged, in order to protect against session
> hijacking. I've found it's highly effective, unless you IP Spoof.

Sure it's highly effective. Just like it's highly effective in randomly
denying access to people who browse using multiple WiFi access points or who
switch between 3G and WiFi.

Willy

Received on Wednesday, 1 April 2015 19:55:09 UTC
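
The trade-off discussed in this message, as an added example that is not part of the original thread or of either participant's code: a session store that honours a session ID only from the IP and User-Agent that created it, replayed over constructed requests. The class and function names, addresses and User-Agent strings are hypothetical, and refusing a mismatched request without dropping the session is an assumption.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    user_agent: str


class BoundSessionStore:
    """Hypothetical store: a session ID is honoured only from the IP and
    User-Agent that created it (the scheme described in the quoted message)."""

    def __init__(self):
        self._bindings = {}

    def create(self, ip, user_agent):
        sid = secrets.token_urlsafe(32)
        self._bindings[sid] = Binding(ip, user_agent)
        return sid

    def check(self, sid, ip, user_agent):
        bound = self._bindings.get(sid)
        if bound is None:
            return "unknown-session"
        if bound != Binding(ip, user_agent):
            # Assumption: the request is refused but the session is kept.
            return "denied"
        return "ok"


def replay():
    """Run constructed requests; return (label, legitimate, verdict) tuples."""
    store = BoundSessionStore()
    ua = "ExampleBrowser/1.0"                 # constructed sample values
    sid = store.create("192.0.2.10", ua)      # login over WiFi
    requests = [
        ("same WiFi network", True, "192.0.2.10", ua),
        ("session ID replayed from another host", False, "203.0.113.77", "OtherAgent/2.0"),
        ("owner moved from WiFi to 3G", True, "198.51.100.23", ua),
        ("owner joined a second WiFi access point", True, "192.0.2.200", ua),
    ]
    return [(label, legit, store.check(sid, ip, agent))
            for label, legit, ip, agent in requests]


def false_denials(results):
    """Legitimate requests that the binding check refused."""
    return [label for label, legit, verdict in results if legit and verdict == "denied"]
```

The replayed session ID is refused, and so are both requests from the session's owner after a network change.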