Posted by Jerry Stuckle on 11/04/06 16:38

eleven@cats.com wrote:
> In article <12kiff9en9pubd@corp.supernews.com>, gordonb.m3m16@burditt.org
> says...
>
>>It certainly should generate 2 sessions for accessing two different
>>web sites. Even if they have different IP addresses, that doesn't
>>mean it's not the same machine.
>>
>
>
> Same IP address same site same connection 2 sessions - should only be 1 -
> It IS the same machine.
>
> clearly people are being particularly dense or are deliberately trying to
> disguise a massive security problem by making a simple bug seem complex.
>
> it isnt. its both clear and obvious.
>
> Looks like I'll have to start wirting it up for magazine publication.
> Shame because I'd rather have kept it inside the community.

Same machine - but DIFFERENT HOSTS! That's what you don't get!

For instance - shared hosting may have 150 different sites on the same
machine. Are you saying there should be one session for all 150 sites?
After all - it is the same ip address and same connection.

Ah, but you also said "same site name". Sure, if you have two different
connections to example.com, you will only have one session. And if you
have two different connections to www.example.com, you will have one
session.

But - if you have a connection to example.com and another connection to
www.example.com, you will have two different sessions. It doesn't
matter if example.com and www.example.com are on the same machine or
not. They are DEFINED BY THE RFC's to be two different hosts.

If you want that to change, then you need to get a change made to the
RFC's for all of the internet.

PHP is working exactly as the RFC's define.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]