On 2/12/2016 5:20 AM, Lesley Kimmel wrote:
> Thanks for the reply Laurenz. Of course the first thing that I thought
> of to prevent man-in-the-middle was SSL. However, I also like to try
> to address the issue in a way that seems to get at what they are
> intending. It seemed to me that they wanted to do some configuration
> within the database related to session IDs.
when the connection is broken, the process exits and the session ceases
to exist. there are no 'session IDs' to speak of (they are process
IDs instead, but a new process mandates new authentication, there's no
residual authorizations associated with a PID).
--
john r pierce, recycling bits in santa cruz
