[drupal-devel] [feature] Bind IP to session
chx
drupal-devel at drupal.org
Sat Apr 2 01:23:20 UTC 2005
Issue status update for http://drupal.org/node/19845
Project: Drupal
Version: cvs
Component: base system
Category: feature requests
Priority: critical
Assigned to: chx
Reported by: chx
Updated by: chx
Status: patch
I read a Zope coders' thread [1] on this, and they proposed it as
optional, but on as default. So, admin/settings? Or -- and I'd prefer
this one -- settings.php?
[1] http://mail.zope.org/pipermail/zope-coders/2004-October/005239.html
chx
Previous comments:
------------------------------------------------------------------------
April 2, 2005 - 00:50 : chx
Attachment: http://drupal.org/files/issues/bindip.patch (896 bytes)
This would make session hijacking more than a bit harder.
The code can be compacted even more, but I did not dare.
------------------------------------------------------------------------
April 2, 2005 - 01:51 : danielc
IP's can change during a session. So, this isn't a good idea.
More information about the drupal-devel
mailing list