25 Nov
2001
25 Nov
'01
11:34 p.m.
From: "Chris McDonough" <chrism@zope.com>
Relying on IP addresses to encrypt communication of a session id is problematic. It's almost impossible to rely on a visitor's IP address being the same from request to request in the face of proxy server banks like the ones AOL uses.
And they can be spoofed too.