Session Security

[Todd O'Bryan]

Is there any block against someone stealing someone else's session id 
and using it for nefarious purposes? In other words, if I write a grade 
book program, could a sharp student write down the session id from a 
web address (if cookies are off) or look in the teacher's cookie file, 
and then go to a computer in the library and use the same session id to 
connect to the grade book page before the teacher logs out?

Does the session id check itself against the issuing computer's IP 
address or anything to prevent such a thing from happening? I realize 
it's a stretch that someone might leave their computer unattended long 
enough for such a thing to happen, but I just want to be sure. Also, 
could someone listening in to the net traffic grab the session id and 
then use it?

Thanks,
Todd
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]