But you have already stored the IP address of the
attacker who created the session. Therefore when the
victim connects to your web app, you do not allow them
in because the IP address does not match what is
currently stored in the session information.
--- "Sverre H. Huseby" <shh (at) thathost (dot) com [email concealed]> wro...
attacker who created the session. Therefore when the
victim connects to your web app, you do not allow them
in because the IP address does not match what is
currently stored in the session information.
--- "Sverre H. Huseby" <shh (at) thathost (dot) com [email concealed]> wro...
[ more ]