  1. Moodle
  2. MDL-71054

Extend the $CFG->tracksessionip to allow a notification if the IP has changed

    Details

      Description

      Just adding a softer middle ground between no protection and a brutal exception if it is detected. Most people, if they swap from wifi to mobile and get a simple notification, would be fine.

      But if in casual browsing they saw it for no reason then there could be cause for alarm - and the wording of the notification should guide them in the right direction.

      If someone has figured out some sort of session fixation attack then the IP will keep swapping back between the two UAs' IPs, so any sort of constant notification is real cause for concern.

            People

            Assignee:
            Unassigned
            Reporter:
            brendanheywood Brendan Heywood
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
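The distinction the description draws, a one-off IP change versus an address that keeps flipping, as an added example that is not part of the original issue and is not Moodle code. The function name, the session state layout and both thresholds are assumptions.

```php
<?php
// Added example, not Moodle code: every name and threshold here is hypothetical.
const IP_CHANGE_WINDOW = 600; // seconds of history to consider (assumed value)
const IP_CHANGE_LIMIT  = 3;   // changes inside the window treated as "constant" (assumed value)

/**
 * Compare the request IP with the one stored for the session and classify it.
 *
 * @param array  $state per-session data: last IP seen and timestamps of recent changes
 * @param string $ip    remote address of the current request
 * @param int    $now   current time in seconds
 * @return string 'same', 'notice' (isolated change) or 'alert' (repeated changes)
 */
function classify_session_ip(array &$state, string $ip, int $now): string {
    if (!isset($state['ip'])) {
        // First request of the session: remember the address, nothing to report.
        $state = ['ip' => $ip, 'changes' => []];
        return 'same';
    }
    if ($state['ip'] === $ip) {
        return 'same';
    }
    // The address differs from the previous request: record the change.
    $state['ip'] = $ip;
    $state['changes'][] = $now;
    // Forget changes older than the window so one swap per day never escalates.
    $cutoff = $now - IP_CHANGE_WINDOW;
    $state['changes'] = array_values(array_filter(
        $state['changes'],
        fn(int $t): bool => $t >= $cutoff
    ));
    // Two user agents sharing one session flip the address on every switch,
    // so the count climbs quickly; a wifi-to-mobile swap adds one or two.
    return count($state['changes']) >= IP_CHANGE_LIMIT ? 'alert' : 'notice';
}

// Constructed sample: [seconds since login, remote address] using documentation-range IPs.
$requests = [
    [0, '198.51.100.7'], [40, '198.51.100.7'],
    [90, '203.0.113.20'],   // single change, as when moving from wifi to mobile
    [120, '198.51.100.7'], [125, '203.0.113.20'], [131, '198.51.100.7'],
];
$state = [];
foreach ($requests as [$t, $ip]) {
    printf("%4ds %-15s %s\n", $t, $ip, classify_session_ip($state, $ip, $t));
}
```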