in reply to Re: Check the cookie for changes
in thread Web based password management (or how *not* to blame tye)
The default,
Apache::Session::Generate::MD5,
does MD5->hexhash(time(). {}. rand(). $$)/
Systems such as ASP under IIS appear to have session ID's
that are partially determined by the client headers the
(User-agent, Accept, etc.)
PS> I was horrified re-reading the Apache::Session documentation that in the SYNOPSIS they place a cc number in the session data.
--
perl -pe "s/\b;([st])/'\1/mg"
In Section
Meditations