by soheil 2541 days ago
It is creating a new session; it's just that the server code uses a deterministic session key, which is created based on your IP address and user agent. So as long as you use the same browser/IP combo you will get assigned the same etag (at least user-agent is in there, otherwise it would be extra trippy to load the page on FF and go to Safari and see the # visits/message displayed there too).

  $etag = substr(sha1($secret . sha1($_SERVER["REMOTE_ADDR"]) . sha1($_SERVER["HTTP_USER_AGENT"])), 0, 18);

You're right! That sort of negates the opening statement though:

> This tracking method works without needing to use: [...] Your IP address or user agent string

The author even notes in the source, "Normally you would derive this from randomness." I wonder what the reasoning was for this strategy?
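
As an added illustration (not part of the thread or of the demo's source), this PHP sketch contrasts the derivation quoted above with a tag taken from randomness. The `assign_etag` helper, `$secret`, and the sample addresses and user agent are assumptions made for the example.

```php
<?php
// Added example. $secret, the addresses and the user agent are constructed.

// Derivation quoted in the thread: a pure function of secret, IP and UA.
function deterministic_etag(string $secret, string $ip, string $ua): string {
    return substr(sha1($secret . sha1($ip) . sha1($ua)), 0, 18);
}

// "Derive this from randomness": 9 random bytes -> 18 hex characters.
function random_etag(): string {
    return bin2hex(random_bytes(9));
}

// Hypothetical helper: reuse a well-formed tag echoed back by the browser
// in If-None-Match, otherwise mint a new one.
function assign_etag(?string $ifNoneMatch, callable $mint): string {
    if ($ifNoneMatch !== null && preg_match('/\A[0-9a-f]{18}\z/', $ifNoneMatch) === 1) {
        return $ifNoneMatch;
    }
    return $mint();
}

$secret = 'constructed-secret';
$ua     = 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0';
$office = '203.0.113.7';   // shared NAT address (documentation range)
$mobile = '198.51.100.23'; // same browser on another network

$detAt = fn(string $ip) => fn() => deterministic_etag($secret, $ip, $ua);

// 1. Cache cleared, so no If-None-Match is sent.
$before = assign_etag(null, $detAt($office));
$after  = assign_etag(null, $detAt($office));
printf("deterministic, cache cleared: same tag? %s\n", var_export($before === $after, true));
printf("random, cache cleared:        same tag? %s\n",
    var_export(assign_etag(null, 'random_etag') === assign_etag(null, 'random_etag'), true));

// 2. Two people behind one NAT with identical browsers.
$alice = assign_etag(null, $detAt($office));
$bob   = assign_etag(null, $detAt($office));
printf("deterministic, two users, one NAT: collide? %s\n", var_export($alice === $bob, true));

// 3. Cache intact, network changes: the echoed tag wins in both schemes.
$moved = assign_etag($before, $detAt($mobile));
printf("cache intact, new IP: tag carried over? %s\n", var_export($moved === $before, true));
```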