* Randal L. Schwartz ([EMAIL PROTECTED]) [011119 11:00]: > >>>>> "Jon" == Jon Robison <[EMAIL PROTECTED]> writes: > > Jon> Randall, you want to expound upon that? > > Barely ignoring the spelling of my name, I'll simply claim > > "it's not unique". > > Neither is IP address. Or anything that you haven't specifically > round-tripped to the browser. And that doesn't stop someone from > making another browser respond in the same way, or that browser > respond in a different way. > > But this is obvious. I'm confused about why I'd have to explain it. :( >
I think Randal has pointed out many times, as have others, that a browser isn't a person. One doesn't want to authenticate browsers, one wants to authenticate people. Using browser specific information to authenticate a person is not only impossible to do successfully, it is silly to try. Using cookies is only a little bit less unsuccessful. Also, please be sure to note the gotcha in the mod_perl guide that gives you warning that all browsers behave differently when dealing with a 401 status code. Be sure to take that into account. Thanks, JJ -- J. J. Horner "H*","6a686f726e657240326a6e6574776f726b732e636f6d" *************************************************** "H*","6a6a686f726e65724062656c6c736f7574682e6e6574" Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated.
msg22686/pgp00000.pgp
Description: PGP signature