Saturday, June 26, 2004

Zone Control Security

Thursday night into Friday morning there were issues with database corruption. After repairing the tables on Thursday night, I did a restore from daily backups as an attempt to recover lost data. Well, I think this screwed things up because I didn't drop the database first. It must have jumbled the old session IDs and caused mass chaos in the system. Friday afternoon, I dropped the db and did a complete restore from backup. Everything seems fine now... Please report any weird system behavior to scott at publicip dot net.

This of course raised security concerns with the way Zone Control handles sessions. I have implemented logic to prevent sessions from being viewed on a different PC than the one it was created on... No cookies, it's all maintained in a sessions table.

I can't say I have a lot of experience with db restores, and I guess I learned something very valuable from this. This experience has helped me improve the security of Zone Control. Thanks to all of you that helped me work this out. I couldn't have done it without you.
