I am wondering wether Echo applications use only the id from the session cookie to verify and maintain the user's sesson between requests? Or do they also check the IP, user agent string, or other marks?
It's a little hard to explain the reason, however I am asking because I would like to be able to access a remote Echo application (which I also own) with a server-side script using the session id obtained from the client after a successful login onto the remote app. (A kind of single sign-on solution...)
Please answer my question, if you can - work-arounds are not wanted in this case. Thanks!