Hi folks,

I'm trying to do session-tracking with a GET variable as securely as
possible. Obviously, this is an inherently insecure technique, but I
am trying to mitigate the risks.

I see in a paper by the MIT Lab for Computer Science that Yahoo say
they use the remote address for session tracking within the SSL. Yahoo
claim that with HTTPS the IP address does not jump around the way it
does with HTTP proxies, and it can be used reliably for tracking.

Ref: http://cookies.lcs.mit.edu/pubs.html

With Yahoo behind the claim it's tempting to believe it, but somehow it
seems too good to be true. I don't have access to any big logs right
now to check this out. Does anyone have experience with this?

-- 

Geoff Caplan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
