appspace pollution :)

Chris Pressey <>
Thu Nov 21 19:37:59 CET 2002


On Mon, 11 Nov 2002 11:25:38 +0100 (CET)
Miguel Barreiro Paz <> wrote:

> 
> > - you can't uniquely identify a client by IP address if that IP
> > address is the address of their proxy server.  I've been trying to
> > avoid cookies at all costs, but for a public user system, they might
> > be a necessary evil. On the other hand, associating user logins to an
> > IP address should be OK for an intranet server.
> 
> 	Not even in an intranet. For whatever (ugly) reasons you are
> sometimes forced to use NAT inside the intranet, or don't have control
> over the whole network (and, well, the IBM intranet for example is
> bigger than Internet was for quite a few years :-)). If you absolutely
> can't use cookies, you can rewrite per-session URLs to include an
> explicit session ID. Combined with SSL it's not too bad. Combined with
> client-side SSL certificates it gets much better.

Thanks for the info.  I'll be working on putting in session id's over the
next little while (although I might not have much time to allot to it in
the near future) and, eventually, SSL.

-Chris



More information about the erlang-questions mailing list