From: Alistair Y. <ali...@sm...> - 2007-02-13 11:59:24
> I don't think so as the only thing I think we use the
> session.getRemoteHost for is usage monitoring.

Any idea why the cookie would be blocked most of the time and get through
other times? Just out of interest. It looks like the usual AOL problem
though.

Alistair

--
mov eax,1
mov ebx,0
int 80h

> Alistair Young wrote:
>> looking at the mvnforum code:
>>
>> if (action.getRemoteAddr().equals(request.getRemoteAddr()) == false) {
>>     request.getRequestDispatcher("/mvnplugin/mvnforum/invalidsession.html").forward(request, response);
>>     return;
>> }
>>
>> points to AOL being the problem. The IP address has changed since the
>> last request.
>
> This is perfectly legal to do and it's not just AOL who do it although
> they are one of the biggest. The reason for it is that they have a farm
> of proxy servers for all web traffic and it seems that users' sessions
> can move between them (load balancing / fault tolerance). When the user
> switches proxies the IP changes, the users have no control over which
> proxy gets used for any request.
>
> The reason for having IP checking is to help prevent session hijacking
> by stealing a user's cookie.
>
>>
>> Would bod be affected too?
>
> I don't think so as the only thing I think we use the
> session.getRemoteHost for is usage monitoring.
>
> --
> Matthew Buckett
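An added example, not part of the original thread and not mvnforum or Bodington code: it replays a request log through the same "remote address must match" rule as the quoted check, to show which sessions a strict IP binding would send to the invalid-session page when a user's requests leave through different proxies. The log entries, session ids and function names are constructed for illustration, and binding the session to the first address seen is an assumption about how the stored address is set.

```python
# Constructed sample: (session id, remote address as seen by the server).
# The 192.0.2.x entries stand in for one user whose requests leave through
# different proxies of a farm; all addresses are documentation ranges.
SAMPLE_REQUESTS = [
    ("sess-a", "192.0.2.10"),
    ("sess-b", "198.51.100.7"),
    ("sess-a", "192.0.2.10"),
    ("sess-a", "192.0.2.11"),   # same user, different proxy
    ("sess-b", "198.51.100.7"),
    ("sess-c", "203.0.113.5"),
    ("sess-a", "192.0.2.12"),
    ("sess-c", "203.0.113.5"),
]


def replay_strict_ip_check(requests):
    """Replay requests through an 'address must equal the bound address'
    rule and record, per session, where it would first reject.
    Assumption: a session is bound to the first address it is seen from."""
    report = {}
    for index, (sid, addr) in enumerate(requests):
        entry = report.setdefault(
            sid,
            {"bound": addr, "addresses": set(), "requests": 0, "first_reject": None},
        )
        entry["requests"] += 1
        entry["addresses"].add(addr)
        # Same comparison as the quoted check: any mismatch invalidates.
        if addr != entry["bound"] and entry["first_reject"] is None:
            entry["first_reject"] = index
    return report


def rejected_sessions(report):
    """Session ids the strict rule would have invalidated, in log order."""
    return [sid for sid, e in report.items() if e["first_reject"] is not None]


def rejection_rate(report):
    """Fraction of sessions that would have hit the invalid-session page."""
    return len(rejected_sessions(report)) / len(report) if report else 0.0


if __name__ == "__main__":
    result = replay_strict_ip_check(SAMPLE_REQUESTS)
    for sid, e in result.items():
        print(sid, "bound to", e["bound"], "addresses:", len(e["addresses"]),
              "first rejected request:", e["first_reject"])
    print("sessions rejected: %.0f%%" % (100 * rejection_rate(result)))
```

Run over a site's own access log before enabling such a check, the rejection rate gives a measure of how many legitimate users behind rotating proxies it would lock out.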