[Zope-Coders] Session IP adress protection
Lennart Regebro
regebro at nuxeo.com
Mon Oct 4 09:12:28 EDT 2004
Many moons ago, it was discussed to protect sessions with the IP
address. That would have the effect of not allowing a user to switch
IP-adress mid-session (not a big problem) and thereby making
session-theft via cookie-theft much harder.
That together with my protected session-data object would make it
extremely hard to break session-based authorization.
This could easily be implemented for 2.8.
Thoughts?
//Lennart
More information about the Zope-Coders
mailing list