My country's (Burma) ISP also changes the outgoing IP regularly. It has about 5 IPs for me.
On Fri, Nov 26, 2010 at 3:19 AM, Niphlod <[email protected]> wrote:
> still there are no counter-indications....
> a session sticks to one single IP.
> users of LAN (me and my brother) "hidden" by NAT, users of large WANs
> like Fastweb in Italy (and quite everyone in China, I believe) show
> themselves to the webserver with the same IP address in the same
> session.
> As long as web2py doesn't bother if two different users have the same
> IP, checking that the session cookie "comes" from the same address is
> safer than the actual implementation and doesn't break anything.
> I don't know if China's ISPs and other privacy software, like Tor, can
> change the IP address over a session.... in that case this
> implementation will break things.
> Still, I think that if the default "check" of "remember me 30 days"
> saves the cookie for 30 days, probably I'll get to insert username and
> password at least every day.... here in Italy if you turn down the
> connection (or the router), you get a different IP address.
> For me it's not a problem, but probably some people think differently.
>
> Niphlod
>
>
> On 25 Nov, 17:55, Kuba Kucharski <[email protected]> wrote:
> > @massimo
> >
> > this sounds good, although stealing credentials/intercepting
> > communication is most probable in the networks hidden over NAT - hence
> > in this case it will not work.
> >
> > --
> > Kuba
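
The trade-off discussed in this thread, as an added example that is not part of the original messages and not web2py's code: a strict session-to-IP binding check run against the cases the posters describe (shared NAT address, a cookie replayed from inside and outside that NAT, and an ISP rotating a user across five outgoing IPs). The class, function names and addresses are assumptions constructed for illustration.

```python
# Added illustration of strict session-to-IP binding; not web2py's implementation.
# Names and addresses are constructed (RFC 5737 documentation ranges).
import secrets


class IPBoundSessions:
    """Session store that accepts a cookie only from the IP that created it."""

    def __init__(self):
        self._bound_ip = {}  # session id -> client IP seen at login

    def login(self, client_ip):
        sid = secrets.token_hex(16)
        self._bound_ip[sid] = client_ip
        return sid

    def check(self, sid, client_ip):
        bound = self._bound_ip.get(sid)
        if bound is None:
            return False
        if bound != client_ip:
            del self._bound_ip[sid]  # address changed: drop session, force re-login
            return False
        return True


def run_scenarios():
    store = IPBoundSessions()
    results = {}
    nat_ip = "203.0.113.7"  # constructed: one public IP shared by a LAN
    # Two LAN users behind one NAT address each keep their own session.
    a, b = store.login(nat_ip), store.login(nat_ip)
    results["nat_users_ok"] = store.check(a, nat_ip) and store.check(b, nat_ip)
    # A cookie presented from inside the same NAT looks identical to its owner.
    results["same_nat_replay_accepted"] = store.check(a, nat_ip)
    # A cookie presented from an unrelated address is rejected.
    c = store.login(nat_ip)
    results["remote_replay_rejected"] = not store.check(c, "198.51.100.9")
    # ISP rotating a user across a pool of 5 outgoing IPs: count forced re-logins.
    pool = ["192.0.2.%d" % i for i in range(1, 6)]
    sid, relogins = store.login(pool[0]), 0
    for ip in pool * 2:  # ten consecutive requests
        if not store.check(sid, ip):
            sid, relogins = store.login(ip), relogins + 1
    results["relogins_with_rotating_ip"] = relogins
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

With per-request rotation the user re-authenticates on nine of ten requests, while the check adds nothing against a cookie replayed from behind the same NAT address.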

