Hi,
>If you are using Tango's/Witango's <@USERREFERENCE> exclusively to track
>sessions and user variables, and you are passing this in the URL with
><@USERREFERENCEARGUMENT> then you are allowing session hijacking.
Yes, I understand that.
It has not been a problem for us in the past, but is now.
>One way to limit this is to also include the client's IP as part of the
>userKey, but then those people behind a NAT could still end up sharing a
>session.
Many of our users are coming from behind firewalls and proxy servers and
thus may have the same IP addresses. So, as you say, while adding the IP
address would help, it won't be a complete solution.
Eric
________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
