Re: forum error
- Posted by CoJaBo Aug 31, 2009
- 802 views
As I mentioned before, IP-based authentication is a really bad idea... At the very least, there needs to be a checkbox on the login form to turn it off (IMHO, the default should be off, since noone is going to know what it means).
It's not at all IP based authentication. Once you are authenticated (by a session cookie) it compares, in addition to cookie/session based authentication the IP address.
Jeremy
The problem isn't with authentication in this case, its about blocking legit users. Home IP addresses change anywhere from a few minutes to several months, and it makes no sense to force those people to have to log in to post and again after they have finished typing just to provide a very minimal increase in security.
Even worse, certain ISPs, businesses, and wifi hotspots served from a pool of proxies may not be able to access the forum at all- their IP changes with every request.
