Hi Have a look at one of the samples that are really easy to find. Snoop Servlet. Load as much data as you can get about the client into a hashtable, and put it in your session pool. Create a new hashtable each request and compare it to the existing one in the session pool. This isn't as good as using ssl, but it is better than just using the ip. If you are doing url re-writing, you could also assign a random number to a cookie. This could be checked each request. But again, if someone knows what they are going on about, this is easy to hack. regards Rob Nidhi Sadanand <[EMAIL PROTECTED]> wrote: > try tying the session with the ip address of user.... > > ----- Original Message ----- > From: Raj Kumar Jha <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 21, 2000 3:20 PM > Subject: Re: [Re: http session bugs] > > > > Hi, > > I am using URL rewriting for session tracking. The problem here is that > > if someone makes a note of the session id from the browser or listens to > it > > on the net and uses the same session id to request a service I am not able > > to differentiate between the two users. Any suggestions on how I can tie a > > session to a particular browser window? > > Thanks in Advance, > > Raj > > [EMAIL PROTECTED] > > > > > ___________________________________________________________________________ > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the > body > > of the message "signoff SERVLET-INTEREST". > > > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > > Resources: http://java.sun.com/products/servlet/external-resources.html > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
