Re: Changing IP addresses
Re: Changing IP addresses
- Subject: Re: Changing IP addresses
- From: Pascal Robert <email@hidden>
- Date: Mon, 19 Nov 2012 07:34:32 -0500
Usually people use a cookie to do something like this. As long as the cookie is delivered and read by https, should be fine as a solution.
> Hi,
>
> We have an old WO application where we require that the requests that concerns the same session come from the same IP address. We did this to avoid session theft, as sessions are identified by some code in the URL. When our application detects a request with an IP address other than the expected one, the user is directed to the login page. As more and more of our users now connect from a Wi-Fi, it seems that our IP address requirement maybe will have to go. In the application logs I now see too many lines telling about IP address mismatch.
> Does anybody have experience with this? Could the use of "Keep-Alive" on the HTTP connection be a solution?
>
> /Jon
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden