[imp] session not IP safe

jan gerber j at thing.net
Thu Dec 26 23:52:46 PST 2002


To my shock, I had to realize today that IMP/Horde's implementation
of sessions is not IP-safe.

The least thing would be something like:

$ipaddr = $REMOTE_ADDR;
session_register("ipaddr");

And when the user requests a document with sensitive data,
verify his/her IP address:
if ($ipaddr != $REMOTE_ADDR) {
   // go to login page
}


jan gerber
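
The check proposed in the message above, written with `$_SESSION` and `$_SERVER` instead of `session_register()` and global variables. This is an added example, not part of the original post and not Horde/IMP code; the function names, the `ipaddr` session key and the `/login.php` URL are assumptions.

```php
<?php
// Added example, not Horde/IMP code. All function names, the 'ipaddr'
// session key and the /login.php URL are assumptions made for illustration.

// Record the address that created the session (call once, after login).
function bind_session_ip(array &$session, string $remoteAddr): void
{
    $session['ipaddr'] = $remoteAddr;
}

// True only if the session has a recorded address equal to the current one.
function session_ip_matches(array $session, string $remoteAddr): bool
{
    if (!isset($session['ipaddr']) || !is_string($session['ipaddr'])) {
        return false; // no binding recorded: fail closed
    }
    // Compare packed forms so equivalent IPv6 spellings match.
    $bound = @inet_pton($session['ipaddr']);
    $now   = @inet_pton($remoteAddr);
    return $bound !== false && $now !== false && $bound === $now;
}

// Guard for pages with sensitive data: drop the session on a mismatch.
function require_same_ip(): void
{
    session_start();
    if (!session_ip_matches($_SESSION, $_SERVER['REMOTE_ADDR'] ?? '')) {
        $_SESSION = [];
        session_destroy();
        header('Location: /login.php');
        exit;
    }
}

// Constructed sample values (documentation address ranges), CLI only.
if (PHP_SAPI === 'cli') {
    $s = [];
    bind_session_ip($s, '2001:db8::1');
    var_dump(session_ip_matches($s, '2001:0db8:0:0:0:0:0:1')); // same host
    var_dump(session_ip_matches($s, '198.51.100.7'));          // other host
    var_dump(session_ip_matches([], '198.51.100.7'));          // unbound
}
```

An address binding does not separate users who share one NAT or proxy address, and it logs out a legitimate user whose address changes during the session.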



