Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71054

Extend the $CFG->tracksessionip to allow a notification if the ip has changed

    XMLWordPrintable

Details

    Description

      Just adding a softer middle ground between no protection, and a brutal exception if it as detected. Most people if they swap from wifi to mobile and they got a simple notification would be fine.

      But if in casual browsing they saw it for now reason then there could be cause for alarm - and the wording of the notification should guide them in the right direction.

      If someone has figured out some sort of session fixation attack then the ip will keep swapping back between the two UA's ips, so any sort of constant notification is real cause for concern.

      Attachments

        Issue Links

          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-72423 Add a new callback to extend session_check_security

          • Minor - Minor loss of function where workaround is possible
          • Open

          Activity

            People

              Unassigned Unassigned
              brendanheywood Brendan Heywood
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: