OT? ish? anyways...
I installed P3P, but the cookies still don't work 100% of the time, it's like they pick and choose when to work and when NOT to work.
There's a solvable issue here.. it's not random. Maybe address this in another post with the code you are using to get/set cookies and store session data.
Part of the reason for using a Session Id that is so long is to make it hard to guess, but being passed in every url, secure and not secure, could be bad.
Your most prevalent problem here is visitors copying the url for the page they are on and recommending it to others by pasting the url straight into a forum or similar.
Is there a way to make it work ONLY with that browser, but where it won't work if it's on another, such as a different version, or a different "platform" or a different IP?
Your session id is your only real point of reference. You can check the useragent, but (admittedly a while back) Opera changed its useragent depending on whether or not the page was over https. You can check the IP, but AOL users will have a different one every time and different users may appear to share the same IP (proxy servers).
cheers,
J
In reply to Re: Session Security
by edoc
in thread Session Security
by powerhouse
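An added example, not code from this thread: a sketch of the trade-off described in the reply above, where the session id is the only hard check and the user agent and IP are treated as soft signals. The names `new_session`, `check` and `SESSIONS`, the three result strings, and the "both changed means re-authenticate" policy are assumptions made for illustration.

```python
import secrets

# session id -> (user_agent, ip) recorded at login.
# In-memory store, for the example only.
SESSIONS = {}

def new_session(user_agent, ip):
    """Issue an unguessable id: 32 bytes (256 bits) from the OS CSPRNG."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = (user_agent, ip)
    return sid

def check(sid, user_agent, ip):
    """Classify one incoming request as 'invalid', 'reauth' or 'ok'."""
    recorded = SESSIONS.get(sid)
    if recorded is None:
        return "invalid"            # unknown or guessed id: the only hard failure
    ua_changed = user_agent != recorded[0]
    ip_changed = ip != recorded[1]
    # One signal changing on its own is normal: rotating proxy addresses,
    # or a browser that reports a different user agent string.
    # Both changing together is what a URL pasted into a forum and opened
    # by another visitor usually looks like, so ask for the password again
    # and leave the original visitor's session untouched.
    if ua_changed and ip_changed:
        return "reauth"
    # Limitation: a visitor behind the same proxy with the same browser is
    # indistinguishable here, so this never replaces keeping the id secret.
    return "ok"

if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges).
    ua = "Mozilla/5.0 (X11; Linux) ExampleBrowser/1.0"
    sid = new_session(ua, "192.0.2.10")
    print(check(sid, ua, "192.0.2.10"))                   # same client
    print(check(sid, ua, "198.51.100.7"))                 # proxy handed out a new IP
    print(check(sid, "OtherBrowser/7.0", "203.0.113.5"))  # pasted URL, new visitor
    print(check("not-a-real-id", ua, "192.0.2.10"))       # guessed id
```
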