This is a good point. With a reasonable session timeout this
probably wouldn't happen, but it is still a problem.

You could also track IP addresses in your session login (which I do anyway
to keep tabs on whether there is any pattern of abuse of the login IDs -
this is a subscription service) and require that a session be connected
from the same IP as it started. I'm not sure how this would work for
services like AOL or big proxies. Is it possible that your IP changes over
the course of a given connection? That is, I imagine there could be some
type of proxy architecture that distributes load among more than one proxy
server, so even a single user in a short time frame could have more than one
IP. Possible?

It doesn't make bookmarking impossible, though, if your login mechanism is
well designed. The way I have set it up, the login is integrated into
every page as a function. Once you log in you end up back on the same
page. So if you hit the bookmarked page, it would simply make you log in
again (as it should) and then you'd be where you should be.
Jamie
At 11:05 AM 2/24/00 -0500, Mark D Wolinski wrote:
>Also, what happens if someone wants to share a page they're looking at with
>a friend. To pass that URL to the friend, it includes the session ID, so
>suddenly the friend has everything in a shopping cart the friend already put