Details
-
New Feature
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
Future Dev
-
None
Description
Just adding a softer middle ground between no protection, and a brutal exception if it as detected. Most people if they swap from wifi to mobile and they got a simple notification would be fine.
But if in casual browsing they saw it for now reason then there could be cause for alarm - and the wording of the notification should guide them in the right direction.
If someone has figured out some sort of session fixation attack then the ip will keep swapping back between the two UA's ips, so any sort of constant notification is real cause for concern.
Attachments
Issue Links
- has a non-specific relationship to
-
MDL-72423 Add a new callback to extend session_check_security
-
- Open
-