Session control via cookie only?

Dear forum,

I am wondering wether Echo applications use only the id from the session cookie to verify and maintain the user's sesson between requests? Or do they also check the IP, user agent string, or other marks?

It's a little hard to explain the reason, however I am asking because I would like to be able to access a remote Echo application (which I also own) with a server-side script using the session id obtained from the client after a successful login onto the remote app. (A kind of single sign-on solution...)

Please answer my question, if you can - work-arounds are not wanted in this case. Thanks!


Oh, I tried transfering the

Oh, I tried transfering the cookie to a different user agent - with luck. I also tried going through a proxy with a different IP - with luck. So I suppose the application only checks to session ID, which is a good thing for me. Any comments?