Maurice Yarrow wrote:
Thanks for adding this thought. As per my previous note on this subject, in light of your (relative) confidence in using IP, maybe I _should_ reconsider the getRemoteAddr() and simply use it as an addt'l advisory for making session auth decision on successive pages as they transit http/https.
Maybe the information in the "Via:" header should be taken into account as well. getRemoteAddr() returns the IP address of the last proxy, there is nothing to stop the proxy route from changing between requests this is allowed.
Darryl --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
