[rt-users] Coockie problems with proxies
sommerfeld at orchard.arlington.ma.us
Fri Apr 7 11:36:13 EDT 2000
> Or put less of the IP in the cookie - mask it with a network mask. This
> was a recommended solution I saw somewhere - I can't remember if it is in
> the doco for CGI.pm, or in Apache documentaion, or in a Lincoln Stein book
> I have...
There's no guarantee that all proxies a user may appear through will
be in the same block, or that you'll be able to guess an appropriately
If you want security, don't trust the source IP address.. an attacker
trying to steal a session may be coming through the same proxy as the
Instead, use SSL ..
More information about the rt-users