[Tickets #9466] Re: If ip/browser changes during Horde session its not possible to login again
bugs at horde.org
bugs at horde.org
Thu Dec 23 18:44:29 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/9466
------------------------------------------------------------------------------
Ticket | 9466
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | If ip/browser changes during Horde session its not
| possible to login again
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Resolved
Priority | 1. Low
Milestone |
Patch |
Owners | Michael Slusarz
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2010-12-23 13:44) wrote:
Horde is not an intrustion detection system. The session IP is meant
to provide security (which it does), not a definitive determination
that you have been compromised.
Regardless, such investigation would almost certainly be performed by
the admin, not the user.
How would you inform user A in this case? You would have to create
some sort of independent recording system solely for this feature. As
mentioned above, this feature wasn't designed to for this - it is
designed as a simple killswitch in case something fishy might be
occurring but that's the extent of its usefulness.
More information about the bugs
mailing list