From: "Jon Robison" <[EMAIL PROTECTED]> > What about sockets? I am in the middle of trying to use $c = > $r->connection and $c->remote_addr as part of the cookie name. (So far > I am having trouble with the fact that remote_addr returns packed info, > and I am still searching for how to unpack it - if you know, tell me!). > > It's not 'foolproof', but how many casual cookie stealers can force > their browser to use a particular socket?
How would this be effective? If multiple users are behind a firewall that uses NAT, they will all have the same remote IP address. As for the remote port, that changes from connection to connection so it's not possible to use it as a reliable indicator either.
