durusmail: quixote-users: Session Security: Selectively Disable CHECK_SESSION_ADDR
To 3 or not to 3
2006-06-23
Re: To 3 or not to 3
Session Security: Selectively Disable CHECK_SESSION_ADDR
2006-06-29
Re: Session Security: Selectively Disable CHECK_SESSION_ADDR
2006-06-29
2006-06-29
2006-06-29
2006-06-29
Session Security: Selectively Disable CHECK_SESSION_ADDR
Charles
2006-06-29
I like the security that enabling CHECK_SESSION_ADDR affords, but there are
some users where this will not work. (i.e. AOL ppl whose IP changes mid
session).  Is there a way to selectively disable this for a given session?

Maybe the better option would be to move the check to the rest of the
session handling code, where it could be run when enabled for that session.
Any ideas on how to do this?

Has anyone else come up with a good way to keep sessions secure short of
expiring them after a certain time?

Kind Regards,
-Charles

Quixote powered Independent Online Music Distribution:
http://www.subcircuit.com


reply