Quote:
|
Originally Posted by Varius
Someone just suggested to me verifying the IP is the same as the one when the session got created, which I think is a good idea for extra security and we will implement.
|
what about simply not putting session id's in url ;)