Many moons ago, it was discussed to protect sessions with the IP
address. That would have the effect of not allowing a user to switch
IP-adress mid-session (not a big problem) and thereby making
session-theft via cookie-theft much harder.
That together with my protected session-data object would make it
extremely hard to break session-based authorization.
This could easily be implemented for 2.8.
Thoughts?
//Lennart
_______________________________________________
Zope-Coders mailing list
Zope-Coders@zope.org
http://mail.zope.org/mailman/listinfo/zope-coders
address. That would have the effect of not allowing a user to switch
IP-adress mid-session (not a big problem) and thereby making
session-theft via cookie-theft much harder.
That together with my protected session-data object would make it
extremely hard to break session-based authorization.
This could easily be implemented for 2.8.
Thoughts?
//Lennart
_______________________________________________
Zope-Coders mailing list
Zope-Coders@zope.org
http://mail.zope.org/mailman/listinfo/zope-coders