Am 22.04.2012 20:54, schrieb Reindl Harald: > protecting sessions from hijacking by remember the user-agent > at start and abort each request with the same session ID and > a different user-agent is common sense and some implementations > are also including the client IP > > but - using the client IP is braindead these days > seeing imap users on mobile devices chaging their IP > all day long and kill them the web-application because > they switched the mobile-cell is not a good idea
Probably you've hit a point here: Just for testing purposes, I just killed the WLAN connection and established a new connection with my Vodafone stick (while RC still being loaded in IE8): It didn't take long until RC was again unusable/stuck - same scenario as can be seen in the screenshot some messages ago. Didn't have the patience to wait for any error messages. Could login in a new IE window/instance/session without any problems, though. So is RC using the client IP...? -- Michael Heydekamp Co-Admin freexp.de Düsseldorf/Germany _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
