Re: forum error

new topic     » goto parent     » topic index » view thread      » older message » newer message
  • Posted by CoJaBo Aug 31, 2009
  • 953 views
jeremy said...

One way the system prevents snatching of a simple user cookie is to compare your current IP to that of the IP when the session was created. This is not full proof by itself, but there are other checks in place. So, if your IP changed, then it would have caused this problem.

Jeremy

As I mentioned before, IP-based authentication is a really bad idea... At the very least, there needs to be a checkbox on the login form to turn it off (IMHO, the default should be off, since noone is going to know what it means).

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu