From: "Chris McDonough" <chrism@zope.com> > Relying on IP addresses to encrypt communication of a session id is > problematic. It's almost impossible to rely on a visitor's IP address > being the same from request to request in the face of proxy server > banks like the ones AOL uses. And they can be spoofed too.