Chris Cormack wrote:
Yep you might be able to do that, but all you would get is an md5 string, we have just rewritten the authentication module using CGI::Session for 3.0. And it wouldn't be any use to you, unless you were also spoofing the ip of the of machine that created that particular session. Nothing of interest is stored in the cookie anymore.
Sounds great. And an amazing coincidence, if I read you correctly: just yesterday I was thinking about tamper-proof and secure cookies, and came up with a similar idea, i.e. encode the IP address of the client somewhere in a secured digest of the information you want. cheers rickw -- _________________________________ Rick Welykochy || Praxis Services I didn't have time to write a short letter, so I wrote a long one instead. -- Mark Twain