[drupal-devel] [feature] Bind IP to session

chx drupal-devel at drupal.org
Sat Apr 2 01:23:20 UTC 2005

Issue status update for http://drupal.org/node/19845

 Project:      Drupal
 Version:      cvs
 Component:    base system
 Category:     feature requests
 Priority:     critical
 Assigned to:  chx
 Reported by:  chx
 Updated by:   chx
 Status:       patch

I read a Zope coders' thread [1] on this, and they proposed it as
optional, but on as default. So, admin/settings? Or -- and I'd prefer
this one -- settings.php?
[1] http://mail.zope.org/pipermail/zope-coders/2004-October/005239.html


Previous comments:

April 2, 2005 - 00:50 : chx

Attachment: http://drupal.org/files/issues/bindip.patch (896 bytes)

This would make session hijacking more than a bit harder. 
The code can be compacted even more, but I did not dare.


April 2, 2005 - 01:51 : danielc

IP's can change during a session.  So, this isn't a good idea.

More information about the drupal-devel mailing list