[mod_python] Announcement: Roadkill version 0.01 "Kitten"

Dustin Mitchell dustin at ywlcs.org
Sun Jun 8 19:15:04 EST 2003


On Sun, Jun 08, 2003 at 03:43:12PM -0600, Gre7g Luterman wrote:
> > Then get them to log in (and thus initiate that session), then I can hijack
> > their session by using the same URL.  At least with cookies it's much harder
> > to get someone to install a cookie for a foreign site on their browser.
> 
> I suppose I didn't mention it, but I do test the remote IP address 
> against the IP address recorded in the session pickle.

That can cause trouble for people behind multiple, layer-4 switched caches:
the remote IP will be different for different requests.

That's rare, but it does happen.

Dustin

-- 

  Dustin Mitchell
  dustin at ywlcs.org/djmitche at alumni.uchicago.edu
  http://people.cs.uchicago.edu/~dustin/
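
The IP check discussed in this thread, as an added example that is not part of the original message or of Roadkill's code. The SessionStore class, its method names and the addresses (RFC 5737 documentation ranges) are constructed for illustration; rotating the session id at login is an addition the thread does not discuss.

```python
import secrets


class SessionStore:
    """In-memory stand-in for the session pickle (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self, remote_ip):
        # Record the creating address alongside the session, as described in the thread.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"ip": remote_ip, "user": None}
        return sid

    def check(self, sid, remote_ip):
        """Return 'ok', 'unknown' or 'ip-mismatch' for a request carrying sid."""
        session = self._sessions.get(sid)
        if session is None:
            return "unknown"
        if session["ip"] != remote_ip:
            return "ip-mismatch"
        return "ok"

    def login(self, sid, remote_ip, user):
        """Authenticate, then issue a fresh id so an id seen in a pre-login URL dies."""
        if self.check(sid, remote_ip) != "ok":
            return None
        del self._sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"ip": remote_ip, "user": user}
        return new_sid


def demo():
    store = SessionStore()
    pre = store.create("203.0.113.10")               # constructed client address
    sid = store.login(pre, "203.0.113.10", "alice")
    return {
        "old_id_after_login": store.check(pre, "203.0.113.10"),
        "same_address": store.check(sid, "203.0.113.10"),
        "other_host": store.check(sid, "198.51.100.7"),
        # Same user, next request leaves through a different cache in the farm:
        "same_user_other_cache": store.check(sid, "203.0.113.11"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last case is the false rejection raised in the reply: the check cannot tell a second cache's address from a different host, so a deployment has to choose between rejecting such users and relaxing the comparison.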