Re: Linking a cookie to an IP address is a very bad in 2015...

When you say transmitting from host to server, what do you mean?
And yes, if I understand what your asking. It effectively compiled a random
hash, and then enforced an IP & user agent. I have recently removed the IP
enforecement though.

On Fri, Apr 3, 2015 at 12:10 AM, Walter H. <Walter.H@mathemainzel.info>
wrote:

>  On 01.04.2015 21:48, Max Bruce wrote:
>
> What about linking to several? I wrote a session system for my Web Server
> that will only allow access to the original Session ID if the IP &
> User-Agent has remained unchanged, in order to protect against session
> hijacking. I've found it's highly effective, unless you IP Spoof.
>
> what kind of mechanism do you use for transmitting the Session ID from
> host to server?
> does it prevent access from an ident configured but different host behind
> a NAT?
>

Received on Friday, 3 April 2015 07:13:49 UTC