Posted by dino d. on 03/13/07 03:27
> address or even the port number on your machine that's accessing
> eBay's server -- data which you don't store remotely.  If these don't
> match they might ask you to re-authenticate.
 
 thanks for all the replies.  let me ask a specific follow up- the
 sequence of events goes like this:
 
 a) user types their username and password into a browser, and clicks
 submit over an SSL connection
 b) user then is brought to a non-SSL connection, where they click
 something like "edit password"
 c) user is brought to a "change password" page, which is an SSL
 connection
 
 it seems to me that in step b, a hacker could catch the session,
 correct?  so are we to assume that eBay is doing something in addition
 to sessions, such as IP recording, etc.?
 
 thanks again,
 dino