Hi Tim, Am Donnerstag, 12. Mai 2005 17:20 schrieb Tim Diggins: > Using IP sounds a bit scary as a lookup - think of all the users with > equivalent IP addresses (because of NATing routers/firewalls, etc.). > Plus it would be a strikes me it would be a nightmare to test... > > But, if instead you wanted to have a session that wasn't linked to > tomcat's notion of a session, you could (maybe) build a separate > Session management that was stored in a regular (non-session) cookie > -- it would then persist "across sessions" in the same browser...
But how do you validate that it is still the "right" person in front of the pc / monitor? ;-) Persistent session cookies are simply an inacceptable security breach if more than one person can have access to the pc. Best wishes Lutz --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
