by jvdongen
5080 days ago
In principle you could already achieve that by binding a session (and corresponding cookie) to the client's IP address. No big deal. The problem you may have is that some clients are behind proxy farms and can arrive with different source IP addresses within the scope of a single session. If you do not bind the 'server-assigned-per-connection ID' to an IP address, it becomes just as 'leakable' as a session cookie.
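The trade-off described in the comment above, as an added example that is not part of the original comment: a session cookie whose MAC covers the client IP is rejected when replayed from another address, but it is also rejected when a legitimate client's proxy farm changes its egress address, while an unbound ID validates from anywhere. The function names, the key handling and the documentation-range IP addresses are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Example key generated per process; a real deployment would persist and rotate it.
SERVER_KEY = secrets.token_bytes(32)


def _tag(session_id: str, bound_ip: str) -> str:
    """MAC over the session ID and the IP it is bound to ('' means unbound)."""
    msg = f"{session_id}|{bound_ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(session_id: str, client_ip: str, bind_ip: bool = True) -> str:
    """Cookie value: session ID plus a MAC that optionally covers the client IP."""
    return f"{session_id}.{_tag(session_id, client_ip if bind_ip else '')}"


def validate(cookie: str, client_ip: str, bind_ip: bool = True) -> bool:
    """Recompute the MAC for the address the request arrived from and compare."""
    session_id, _, tag = cookie.partition(".")
    expected = _tag(session_id, client_ip if bind_ip else "")
    return hmac.compare_digest(tag.encode(), expected.encode())


def demo() -> dict:
    sid = secrets.token_urlsafe(16)          # constructed session ID
    bound = issue(sid, "198.51.100.7")       # issued to this client address
    unbound = issue(sid, "198.51.100.7", bind_ip=False)
    return {
        # Same client, same address: accepted.
        "bound_same_ip": validate(bound, "198.51.100.7"),
        # Leaked cookie presented from an unrelated address: rejected.
        "bound_leaked_elsewhere": validate(bound, "203.0.113.50"),
        # Same client, but the proxy farm used a different egress IP: also rejected.
        "bound_proxy_farm_hop": validate(bound, "198.51.100.8"),
        # Unbound ID presented from an unrelated address: accepted, so it leaks
        # exactly like an ordinary session cookie.
        "unbound_leaked_elsewhere": validate(unbound, "203.0.113.50", bind_ip=False),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```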