On 12/12/06, Rob Hudson <[EMAIL PROTECTED]> wrote: > In one of those articles, he describes the "impersonation" scenario, > which is what I wonder if Jeremy is referring to:
No, I was referring to the situation James outlined earlier. But I agree session hijacking is a concern, though totally unrelated to the discussion of whether to move messages to sessions. :) I have also thought about creating session IDs w/ IP salt, but I'm not sure that's either useful or dependable, and hadn't come up with a better idea. I like to pretend that MITM session theft is something that doesn't happen in the real world... --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
