I see in the administration documentation: Encrypt cookies using IP address
Even if the password cannot be extracted from the cookie, the cookies might be stolen See: XSS and used as they are. By setting the xwiki.cfg parameter xwiki.authentication.useip to true you can block the cookies from being used except by the same ip address which got them. But when I look in xwiki.cfg, there is no mention of useip. Is this option still recommended for use? thanks Paul _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
