I've been delving into persistent sessions more, and I'm just wondering...
To prevent session-snatching (by someone else using the same session ID),
would putting the IP address as a session variable, and checking that on
every page, be an effective deterrent? This still allows for IP spoofing,
but anyone going that far can have it, as far as I care.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com