Thanks for the inputs,
I had considered the possibility of checking up the IP
as you suggested.
In case of Docomo i observerd that the IP address
for requests from same mobile can be different. This
is ideally right since there are multiple servers
at Docomo end from where the request might come to
our server.
This should be the case with other carriers server
too I guess. I just checked with Docomo and reached
this conclusion
Regards
Manish
--- Curt Sampson <cjs@cynic.net> wrote:
> On Sat, 31 Jul 2004, Manish Prabhune wrote:
>
> > Passing session ID in URL is fine.
> > But if i copy the URL and mail it to another
> > mobile phone the session gets continued there.
>
> Not necessarially. It's continued if the other
> person comes to the site
> before the session expires, and you're not doing any
> other checking.
>
> If you're worried about session keys being passed
> around, I would check
> the IP address and the user-agent header as well,
> and not use that
> session if they're not the same as the ones the
> session was originally
> started with.
>
> cjs
> --
> Curt Sampson <cjs@cynic.net> +81 90 7737 2974
> http://www.NetBSD.org
> Don't you know, in this new Dark Age, we're all
> light. --XTC
>
> This mail was sent to address
> applet_graphics@yahoo.com
> Need archives? How to unsubscribe?
> http://www.appelsiini.net/keitai-l/
>
>
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
Received on Sun Aug 1 13:08:54 2004