I think they can and you'll break AOL users. AOL and other large entities sometimes employ megaproxies where the user might appear to be coming from different ip addresses.
The guaranteed way to prevent session hijacking is by using ssl. (And making sure your site is not victim to css attacks)
BTW, what are css attacks?
-- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
