Re: Protecting against Cookie copying

[prev] [thread] [next] [Date index for 2004/11/08]

On Mon, 2004-11-08 at 09:27, Martin Moss wrote:
> What I wish to do is prevent another user copying the
> session cookie, from one computer to another, and then
> gaining access.

If you're talking about packet sniffing attacks, use SSL and call it a
day.  If you're talking about a technically advanced user who has access
to your site signing in with LWP or similar and then moving the cookie
to another machine, forget it.  There is nothing you can do to prevent
this that won't cause problems for some segment of potential users.

- Perrin


        -- 
        Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html