[Maypole] Auto Increment Primary Keys (and Documentation)

Perrin Harkins perrin@elem.com
Fri, 28 Jan 2005 21:46:44 -0500


On Fri, 2005-01-28 at 18:07 -0700, Gordon Haverland wrote:
> Do you have suggestions of other information which can be used to
> "brand" a session?

Well, what are you trying to do?  If you want to avoid people tampering
with the contents of your cookie or making up their own session IDs, an
HMAC is all you need.  If you're trying to keep people from packet
sniffing cookies and using them, nothing short of SSL will be enough.
Using things like IP and User-Agent is a false-confidence builder if
you're dealing with someone sophisticated enough to steal cookies with a
packet sniffer.

- Perrin
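
The two cases distinguished in the reply above, as an added Python example that is not part of the original message: an HMAC over the session ID rejects edited and made-up cookies, while a sniffed copy of a valid cookie still verifies. The `SERVER_KEY`, the `session_id.tag` cookie layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a secret generated and kept on the server only (constructed here).
SERVER_KEY = secrets.token_bytes(32)


def _mac(key: bytes, payload: bytes) -> str:
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


def issue_cookie(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'session_id.tag'; the tag covers the whole session id."""
    return f"{session_id}.{_mac(key, session_id.encode())}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the session id if the tag is valid, otherwise None."""
    session_id, sep, tag = cookie.rpartition(".")
    if not sep or not session_id:
        return None
    expected = _mac(key, session_id.encode())
    # Constant-time comparison so the check does not leak how many bytes matched.
    if hmac.compare_digest(expected.encode(), tag.encode()):
        return session_id
    return None


def demo() -> dict:
    cookie = issue_cookie("sess-1001")  # constructed sample session id
    tag = cookie.rsplit(".", 1)[1]
    return {
        "genuine": verify_cookie(cookie),
        # Client edits the session id but cannot recompute the tag.
        "tampered": verify_cookie(f"sess-1002.{tag}"),
        # Client invents an id and a tag without knowing the key.
        "made_up": verify_cookie("sess-9999." + "A" * 43),
        # A byte-for-byte copy captured off the wire verifies like the original:
        # the HMAC proves integrity, not who is presenting the cookie.
        "replayed_copy": verify_cookie(str(cookie)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} -> {result}")
```
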