Re: Linking a cookie to an IP address is a very bad in 2015...

On 01.04.2015 21:48, Max Bruce wrote:
> What about linking to several? I wrote a session system for my Web 
> Server that will only allow access to the original Session ID if the 
> IP & User-Agent has remained unchanged, in order to protect against 
> session hijacking. I've found it's highly effective, unless you IP Spoof.
what kind of mechanism do you use for transmitting the Session ID from 
host to server?
does it prevent access from an ident configured but different host 
behind a NAT?

Received on Friday, 3 April 2015 07:11:27 UTC