So... what does the redirect thing do out of all this? Restrict your HTTP_REFERRER from being passed on, I take it?
Hm, what happens when people (unwittingly) post a link to a message or something on another webpage with their session ID still attached to it?
Why not just make a check for IP address? I would think that it's reasonable for you to log in again if you got disconnected.
If I'm not mistaken, Slashdot does this and perlmonks.org - right?
- wil