[Koha-bugs] [Bug 5511] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Tue Jul 10 20:02:36 CEST 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5511

--- Comment #7 from Galen Charlton <gmcharlt at gmail.com> ---
One of our customers ran into this recently.  Given the continued existence of
things like web proxy farms that can result in REMOTE_ADDR changing from
request to request, a general question -- are there any improvements in the
state of the art for anti-session-hijacking measures that would reasonably
allow us to remove the IP address check (or implement a syspref like Amit's
patch tried)?

IMO, a "restrict session by this IP ? Y/n" widget on the login form doesn't
seem like a friendly UI choice.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are watching all bug changes.


More information about the Koha-bugs mailing list