appspace pollution :)
Thu Nov 21 19:37:59 CET 2002
On Mon, 11 Nov 2002 11:25:38 +0100 (CET)
Miguel Barreiro Paz <> wrote:
> > - you can't uniquely identify a client by IP address if that IP
> > address is the address of their proxy server. I've been trying to
> > avoid cookies at all costs, but for a public user system, they might
> > be a necessary evil. On the other hand, associating user logins to an
> > IP address should be OK for an intranet server.
> Not even in an intranet. For whatever (ugly) reasons you are
> sometimes forced to use NAT inside the intranet, or don't have control
> over the whole network (and, well, the IBM intranet for example is
> bigger than Internet was for quite a few years :-)). If you absolutely
> explicit session ID. Combined with SSL it's not too bad. Combined with
> client-side SSL certificates it gets much better.
Thanks for the info. I'll be working on putting in session id's over the
next little while (although I might not have much time to allot to it in
the near future) and, eventually, SSL.
More information about the erlang-questions