[mod_python] Announcement: Roadkill version 0.01 "Kitten"

Geert Jansen geert at boskant.nl
Mon Jun 9 12:45:25 EST 2003

> On Sun, Jun 08, 2003 at 03:43:12PM -0600, Gre7g Luterman wrote:
> > > Then get them to log in (and thus initiate that session), 
> then I can 
> > > hijack their session by using the same URL.  At least 
> with cookies 
> > > it's much harder to get someone to install a cookie for a foreign 
> > > site on their browser.
> > 
> > I suppose I didn't mention it, but I do test the remote IP address
> > against the IP address recorded in the session pickle.
> That can cause trouble for people behind multiple, layer-4 
> switched caches.. the remote IP will be different for 
> different requests..
> That's rare, but it does happen.

Something that will cause trouble with this too are on-demand dialing
ISDN modems which usually have a hangup timeout of about 120 seconds. If
the user stays idle for more than two minutes, the modem will hangup,
then redial and get a different IP address.


More information about the Mod_python mailing list