in reply to The sound of one cookie (not) authenticating

Hi,
The session ID itself can be linked to visitor information, like IP... So the shopping cart could verify that the stored IP linked to the session matches the actual IP of the visitor. Just a thought.

Greetz
Beatnik
... Quidquid perl dictum sit, altum viditur.

Re: Re: The sound of one cookie (not) authenticating
by Hero Zzyzzx (Curate) on Apr 03, 2001 at 17:15 UTC

    Beatnik:

    I don't think your solution would work (though it's one I considered) for AOL users, who I'd still like to be able to sell to. Have you ever looked at the access logs from AOL users? AOL does some screwy things with IPs. You can't rely on an IP from AOL.

    This would also flame out in the case of shared computers, like at a university or corporation. If a user accessed my site and added/edited their shopping cart, their cart would still be available to the next user if they didn't log out or close the browser, if you used the IP for verification.

      IP stuff will also fail on load balancing proxies...

      I can't speak for all schools, but in my school they have logins for each student, making it somewhat impossible to browse on someone else's account...
      I doubt you can make it 100% foolproof :)

      Greetz
      Beatnik
      ... Quidquid perl dictum sit, altum viditur.
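
The IP check proposed at the top of this thread, run against the proxy and shared-computer cases raised in the replies, as an added Perl example that is not code from any poster. The session IDs, addresses and the `ip_matches_session` helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed session store: session ID -> IP recorded when the session began.
my %session_ip = (
    'sess-aaa' => '192.0.2.10',     # user behind a rotating proxy pool
    'sess-bbb' => '198.51.100.7',   # user on a shared lab machine
);

# Hypothetical helper: accept a request only if the session exists and the
# client IP equals the IP stored for it (the check proposed in the first post).
sub ip_matches_session {
    my ($sid, $remote_addr) = @_;
    return 0 unless defined $sid && exists $session_ip{$sid};
    return $session_ip{$sid} eq $remote_addr ? 1 : 0;
}

# Constructed requests: [session ID, REMOTE_ADDR, description]
my @requests = (
    [ 'sess-aaa', '192.0.2.10',   'same user, first request' ],
    [ 'sess-aaa', '192.0.2.11',   'same user, next request via another proxy' ],
    [ 'sess-bbb', '198.51.100.7', 'original user on shared machine' ],
    [ 'sess-bbb', '198.51.100.7', 'next person, same machine, browser left open' ],
    [ 'sess-aaa', '203.0.113.99', 'cookie presented from an unrelated address' ],
);

# Print the decision for each request so the false reject (row 2) and the
# false accept (row 4) are visible next to the cases the check gets right.
for my $r (@requests) {
    my ($sid, $ip, $what) = @$r;
    printf "%-6s %-9s %-13s %s\n",
        (ip_matches_session($sid, $ip) ? 'ACCEPT' : 'REJECT'), $sid, $ip, $what;
}
```

The second row is the legitimate user being rejected when the proxy address changes, and the fourth is the shared-machine case where the IP check cannot tell two people apart.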