Slashdot Mirror


User: bjd1970

bjd1970's activity in the archive.

Stories: 0
Comments: 4

Comments · 4

  1. Re:Stealing underpants for real cash on Winklevoss Twins Finally Give Up Fighting Facebook · · Score: 2

    Your comments are of course based on the movie rather than the facts.

  2. Is this the way we want to go? on US Pays $2B To Develop Concentrating Solar Power Projects · · Score: 2

    Is concentrating solar power into "power plants" the best way? Wouldn't it make more sense to distribute the collection over a large area, namely every person's house?

  3. Re:More pictures here on Steve Jobs: the Comic Book · · Score: 1

    Mod parent up, relevant.

  4. Re:Seriously, what the fuck! on How Citigroup Hackers Easily Gained Access · · Score: 1

    Hashing the account number (and other info) into an identifier in that cookie, then using that as the session ID, and only allowing access to that one account from that port until another session was authenticated on it, would be more proper.

    I don't see why you are coupling the session of the user with the account on the client side. The id of the cookie is arbitrary to the extent that it is unique, and the server will have a lookup of what cookie is with what account. It seems as if with the above approach, subsequent programmers could be misled into thinking there is some trust associated with the cookie identifier and enable some reverse lookup backdoor functionality.