On Mon, 2004-11-08 at 09:27, Martin Moss wrote: > What I wish to do is prevent another user copying the > session cookie, from one computer to another, and then > gaining access.
If you're talking about packet sniffing attacks, use SSL and call it a day. If you're talking about a technically advanced user who has access to your site signing in with LWP or similar and then moving the cookie to another machine, forget it. There is nothing you can do to prevent this that won't cause problems for some segment of potential users. - Perrin -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
