10 Jul
2012
10 Jul
'12
8:02 p.m.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5511 --- Comment #7 from Galen Charlton <gmcharlt@gmail.com> --- One of our customers ran into this recently. Given the continued existence of things like web proxy farms that can result in REMOTE_ADDR changing from request to request, a general question -- are there any improvements in the state of the art for anti-session-hijacking measures that would reasonably allow us to remove the IP address check (or implement a syspref like Amit's patch tried)? IMO, a "restrict session by this IP ? Y/n" widget on the login form doesn't seem like a friendly UI choice. -- You are receiving this mail because: You are the QA Contact for the bug. You are watching all bug changes.