cocoon-users mailing list archives

From Tim Olson
Subject RE: Need Session Help!
Date Mon, 29 Sep 2003 15:21:22 GMT
> What about binding the session on an IP address? As I wrote the last
> time I don't like cookies (security problem if somebody does not logout
> explicitly). For link rewriting you have the problem above. So why not
> testing server side if the login for a specific session was done using
> the same IP as the current request. The friend who got the copied link
> has not a valid IP/sessionid combination - and has to login itself.

i think this is a bad idea because some corporate infrastructures may route
requests from the same machine through different NAT firewalls.  we
discovered this problem when our load balancers had their session affinity
set to the same IP.  we had to change the session affinity to encompass all
requests from the same class C network.

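The trade-off discussed in this message, as an added example that is not part of the original post or of Cocoon: a server-side session check bound either to the exact login address or to its /24 ("class C") network. It assumes the prefix relaxation the reply describes for load balancer affinity is applied to the session check itself; the class name, session id and addresses are constructed for illustration (IPv4 documentation ranges).

```python
import ipaddress


class SessionBinder:
    """Records the client network seen at login and checks later requests."""

    def __init__(self, prefix_len=32):
        # prefix_len=32 binds to the exact IPv4 address (the quoted proposal);
        # prefix_len=24 accepts any address in the same class C sized network.
        self.prefix_len = prefix_len
        self._bound = {}  # session id -> ipaddress.IPv4Network

    def login(self, session_id, client_ip):
        # strict=False masks the host bits, so 198.51.100.10/24 -> 198.51.100.0/24
        self._bound[session_id] = ipaddress.ip_network(
            f"{client_ip}/{self.prefix_len}", strict=False)

    def is_valid(self, session_id, client_ip):
        net = self._bound.get(session_id)
        if net is None:
            return False  # unknown session id: force a new login
        return ipaddress.ip_address(client_ip) in net


def replay(prefix_len, login_event, requests):
    """Return the accept/reject decision for each (session id, ip) request."""
    binder = SessionBinder(prefix_len)
    binder.login(*login_event)
    return [binder.is_valid(sid, ip) for sid, ip in requests]


# Constructed traffic for one session.
LOGIN = ("s1", "198.51.100.10")
REQUESTS = [
    ("s1", "198.51.100.10"),   # same user, same NAT gateway
    ("s1", "198.51.100.77"),   # same user, routed through a second NAT gateway
    ("s1", "203.0.113.5"),     # copied link opened from an unrelated network
    ("s1", "198.51.100.200"),  # copied link opened behind the same site's NAT
]

if __name__ == "__main__":
    for prefix in (32, 24):
        print(f"/{prefix}:", replay(prefix, LOGIN, REQUESTS))
```

Exact binding rejects the legitimate user as soon as a request leaves through a different NAT gateway, while /24 binding keeps that user logged in but also accepts a copied link opened elsewhere on the same network.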