> [snip} > > As well as much harder for AOL subscribers (whose IP's change per-request) > > to use the site. > [snip] > > WHAT?? Are you sure of this? AOL really breaks internet browsing this > much? Sorry, I can't believe this. If this was true, many things would > break.
Not really -- HTTP is stateless, so there's really no reason for each request to come from the same IP. As other posters in this thread have pointed out, AOL uses an army of proxy servers. In the past, they've even cached and re-compressed images for the benefit of those on slow dialup. As you say, wacky stuff. You're on the right track, though - the way to make cookies tougher to crack is to associate the cookie with some other piece of user information. I've toyed with using an encrypted string based on the user agent as part of the cookie, but have never encountered a project where this level of care was called-for while SSL was not. --------------------------------------------------------------------- michal migurski- contact info and pgp key: sf/ca http://mike.teczno.com/contact.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
