Sorry hit send too early

The hacker would have to generate sessionIDs - basically generate duplicate carts - and then keep throwing them at a server hoping to match the legitimate sessionID of a logged in user.

I had thought of two users logged in with the same sessionID before but had to stop checking for multiple IPs due to problems with users in some corporate environments. I can see your point though - so I think I'll start encrypting the sessionID ;-)

I still figure if there's ever a hack it will be because a client is loose with their username/password!

Take care
- Tom
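An added illustration, not part of Tom's message or of the cart software under discussion: it bounds the odds of the sessionID guessing he describes and flags a client that keeps presenting unknown IDs, without tying a session to one IP address. The class, function names, 128-bit ID length and miss threshold are assumptions made for this sketch.

```python
import secrets
from collections import Counter

ID_BYTES = 16    # assumption: 128-bit IDs from the OS CSPRNG
MAX_MISSES = 5   # assumption: unknown IDs tolerated per client before flagging


class SessionStore:
    """Hypothetical store, not the cart software discussed in the thread."""

    def __init__(self):
        self.sessions = {}       # session ID -> username
        self.misses = Counter()  # client address -> unknown IDs presented

    def login(self, username):
        sid = secrets.token_hex(ID_BYTES)  # unpredictable, 32 hex characters
        self.sessions[sid] = username
        return sid

    def lookup(self, sid, client):
        """Return the username for a live ID, else None and count the miss."""
        user = self.sessions.get(sid)
        if user is None:
            self.misses[client] += 1
        return user

    def is_guessing(self, client):
        # Valid IDs never count as misses, so a user whose requests leave a
        # corporate network through several addresses is not flagged.
        return self.misses[client] > MAX_MISSES


def hit_probability_bound(id_bits, live_sessions, guesses):
    """Union-bound upper limit on the chance that any guess matches a live ID."""
    return min(1.0, guesses * live_sessions / 2 ** id_bits)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice")                     # constructed sample user
    for addr in ("198.51.100.7", "198.51.100.8"):  # same user, two egress IPs
        assert store.lookup(sid, addr) == "alice"
    for _ in range(6):                             # constructed wrong IDs
        store.lookup(secrets.token_hex(ID_BYTES), "203.0.113.9")
    print(store.is_guessing("203.0.113.9"), store.is_guessing("198.51.100.7"))
    print(hit_probability_bound(32, 10_000, 1_000_000))  # short IDs
    print(hit_probability_bound(128, 10_000, 10**12))    # 128-bit IDs
```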