the cookie that is issued for the user is the same that
is issued for an administrator. therefore, an ordinary
user may take their cookie and submit it under a
different name, and might think that they can gain
fortunately, this can only occur on browsers operating
from the ip range 192.168.1.* due to the internal
restrictions in the cgi scripts.