Gregory (Grisha) Trubetskoy
grisha at modpython.org
Sun Jun 8 23:36:08 EST 2003
Just as a sidenote to this discussion - It is surprising how little decent
info is available about them. By far the best description of everything
relating to cookies from history to issues with them and why they are needed
is in this paper:

"HTTP Cookies: Standards, Privacy, and Politics" by David M. Kristol
http://arxiv.org/abs/cs.SE/0105018

Grisha

On Sun, 8 Jun 2003, Dustin Mitchell wrote:

> On Sun, Jun 08, 2003 at 03:43:12PM -0600, Gre7g Luterman wrote:
> > > Then get them to log in (and thus initiate that session), then I can hijack
> > > their session by using the same URL. At least with cookies it's much harder
> > > to get someone to install a cookie for a foreign site on their browser.
> >
> > I suppose I didn't mention it, but I do test the remote IP address
> > against the IP address recorded in the session pickle.
>
> That can cause trouble for people behind multiple, layer-4 switched caches..
> the remote IP will be different for different requests..
>
> That's rare, but it does happen.
>
> Dustin
>
> --
>
> Dustin Mitchell
> dustin at ywlcs.org/djmitche at alumni.uchicago.edu
> http://people.cs.uchicago.edu/~dustin/
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
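
The IP check discussed in the quoted thread, as an added example that is not part of the original messages or of mod_python's own code: the session pickle records the login address, and a strict comparison rejects a replayed session URL from another address but also rejects a legitimate user whose requests arrive through different caches. `SessionStore`, `replay` and all addresses are constructed for illustration.

```python
import pickle
import secrets


class SessionStore:
    """Minimal in-memory store; each session is kept as a pickle, as in the thread."""

    def __init__(self):
        self._pickles = {}  # session id -> pickled session dict

    def login(self, remote_ip):
        """Create a session bound to the address seen at login."""
        sid = secrets.token_urlsafe(16)
        self._pickles[sid] = pickle.dumps({"ip": remote_ip})
        return sid

    def check(self, sid, remote_ip):
        """Return 'ok', 'unknown-session' or 'ip-mismatch' for one request."""
        blob = self._pickles.get(sid)
        if blob is None:
            return "unknown-session"
        session = pickle.loads(blob)  # only ever written by this process
        if session["ip"] != remote_ip:
            return "ip-mismatch"
        return "ok"


def replay(requests):
    """Run constructed (label, ip) requests that all carry the same session URL.

    The first request's address is the one recorded at login.
    """
    store = SessionStore()
    sid = store.login(requests[0][1])
    return [(label, store.check(sid, ip)) for label, ip in requests]


# Constructed traffic using documentation address ranges (RFC 5737).
HIJACK = [("victim", "192.0.2.10"),
          ("other host reusing URL", "203.0.113.7")]
PROXY_FARM = [("user via cache A", "198.51.100.1"),
              ("same user via cache B", "198.51.100.2")]

if __name__ == "__main__":
    for name, traffic in (("hijack", HIJACK), ("proxy farm", PROXY_FARM)):
        for label, verdict in replay(traffic):
            print(f"{name:10} {label:24} {verdict}")
```
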