Indeed if a "spy" is observing packets from the beginning of session this will not work, I was certainly drunk when I posted ;)
If I don't want to use https , given the fact I control the source of both client and server , is there any alternative mechanism I can use to avoid fake messages from clients ? ----- Original Message ----- From: "Florin Vancea" <fvan...@maxiq.ro> To: "ICS support mailing" <twsocket@elists.org> Sent: Friday, January 16, 2009 7:23 AM Subject: Re: [twsocket] NIC list > Anyone capturing the session ID will capture the IP you send, too. > If you are concerned about security, use https with your cookies. > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
