> matching ip limits the number of session hijackings to at least the same
> network you are on (behind a fw/router which does nat), and the users who
> use the same http proxy as you (in case you use one)
>
> so it's either expire/generate (rotate,morph,mutate) SID on each pageload, or
> the more popular solution... IP match

IP match makes no sense. Someone's IP can change dramatically from one click to the next due to DHCP leases timing out, roaming from one wireless gateway to the next, coming through a round-robin DNS batch of proxy servers, etc.

-Rasmus

--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
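
The two policies discussed in this exchange, side by side, as an added example that is not part of the original messages or of PHP's own session code. The class `SessionStore`, its method names, the user name and the IP addresses (documentation range 192.0.2.0/24) are all constructed for illustration.

```php
<?php
// Added illustration: an in-memory session store comparing IP matching with
// per-request SID rotation. Names and addresses are constructed sample values.
final class SessionStore
{
    private array $sessions = []; // SID => ['user' => string, 'ip' => string]

    public function login(string $user, string $ip): string
    {
        $sid = bin2hex(random_bytes(16));
        $this->sessions[$sid] = ['user' => $user, 'ip' => $ip];
        return $sid;
    }

    // Policy A: accept the SID only from the address recorded at login.
    public function checkIpMatch(string $sid, string $ip): bool
    {
        return isset($this->sessions[$sid]) && $this->sessions[$sid]['ip'] === $ip;
    }

    // Policy B: ignore the address; retire the presented SID and issue a new
    // one on every request. Returns the next SID, or null if the presented
    // SID is unknown or has already been used.
    public function checkAndRotate(string $sid): ?string
    {
        if (!isset($this->sessions[$sid])) {
            return null;
        }
        $data = $this->sessions[$sid];
        unset($this->sessions[$sid]);
        $next = bin2hex(random_bytes(16));
        $this->sessions[$next] = $data;
        return $next;
    }
}

$store = new SessionStore();

// Policy A: login leaves via one proxy of a round-robin pool, the next click via another.
$sid = $store->login('alice', '192.0.2.10');
var_dump($store->checkIpMatch($sid, '192.0.2.11')); // the legitimate user is turned away
// Another machine behind the same NAT or proxy address presents the same SID.
var_dump($store->checkIpMatch($sid, '192.0.2.10')); // the address cannot tell the two apart

// Policy B: each SID is good for exactly one request, whatever the source address.
$sid2 = $store->login('alice', '192.0.2.10');
$next = $store->checkAndRotate($sid2);
var_dump($next !== null);                         // request accepted, new SID issued
var_dump($store->checkAndRotate($sid2));          // the retired SID is refused
var_dump($store->checkAndRotate($next) !== null); // the holder of the current SID continues
```

Per-request rotation as written refuses the second of two concurrent requests that carry the same SID, so a real deployment has to decide how to handle parallel requests. In PHP's built-in session handling, rotation is done with `session_regenerate_id(true)`.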