session hijacking and tying session to IP address with filter

Adam Hardy Tue, 28 Oct 2003 01:47:40 -0800

What does everyone think of the idea of noting the IP address in the session so that session hijackers identified if they try to steal a session that has a different IP address from their own?

Are there any drawbacks to this method? Nobody can spoof an IP address and still get back the response, can they?

Thanks
Adam

--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

session hijacking and tying session to IP address with filter

Reply via email to