Issue status update for http://drupal.org/node/19845 Project: Drupal Version: cvs Component: base system Category: feature requests Priority: critical Assigned to: chx Reported by: chx Updated by: chx Status: patch I read a Zope coders' thread [1] on this, and they proposed it as optional, but on as default. So, admin/settings? Or -- and I'd prefer this one -- settings.php? [1] http://mail.zope.org/pipermail/zope-coders/2004-October/005239.html chx Previous comments: ------------------------------------------------------------------------ April 2, 2005 - 00:50 : chx Attachment: http://drupal.org/files/issues/bindip.patch (896 bytes) This would make session hijacking more than a bit harder. The code can be compacted even more, but I did not dare. ------------------------------------------------------------------------ April 2, 2005 - 01:51 : danielc IP's can change during a session. So, this isn't a good idea.