Usually people use a cookie to do something like this. As long as the cookie is delivered and read by https, should be fine as a solution.
> Hi, > > We have an old WO application where we require that the requests that > concerns the same session come from the same IP address. We did this to avoid > session theft, as sessions are identified by some code in the URL. When our > application detects a request with an IP address other than the expected one, > the user is directed to the login page. As more and more of our users now > connect from a Wi-Fi, it seems that our IP address requirement maybe will > have to go. In the application logs I now see too many lines telling about IP > address mismatch. > Does anybody have experience with this? Could the use of "Keep-Alive" on the > HTTP connection be a solution? > > /Jon > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list ([email protected]) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/webobjects-dev/probert%40macti.ca > > This email sent to [email protected] _______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
