[mod_python] Question about Session security

Adrian Holovaty modpython at holovaty.com
Wed Jun 15 17:57:26 EDT 2005


Nick wrote:
> Jim Gallacher wrote:
> >> You can use req.connection to find the user's incoming IP address and
> >> save that in the session yourself for later checking.
> >>
> >> I.e., not a prepackaged check, but the bits are there for you to do it
> >> yourself in the manner you need.
> >
> > Since I'm (still) messing with the session code, maybe this is worth
> > building into the base code now? If it is a security issue let's
> > address it and save users the worry and bother of implementing their own.

I'm not sure it's foolproof to assume a user's IP address will be the same 
throughout a session. I seem to recall that AOL users have different IP 
addresses throughout sessions, because the AOL proxies use some sort of 
round-robin system.

http://www.google.com/search?q=%22ip+address%22+session+aol

Adrian
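
The check discussed in this thread, as an added example that is not part of the original post or of mod_python: a session is bound to the first client address seen, and later requests are compared either exactly or by network prefix, so a strict match can be seen failing for a client whose proxy rotates addresses. The session is modelled as a plain dict; the `bound_ip` key, the mode names and the prefix lengths are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress

STRICT, PREFIX, OFF = "strict", "prefix", "off"   # hypothetical mode names


def same_network(a, b, v4_bits=16, v6_bits=48):
    """True if b lies in the same prefix as a (prefix lengths are assumptions)."""
    ia, ib = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if ia.version != ib.version:
        return False
    bits = v4_bits if ia.version == 4 else v6_bits
    return ib in ipaddress.ip_network(f"{a}/{bits}", strict=False)


def check_session_ip(session, client_ip, mode=PREFIX):
    """Bind the session to client_ip on first use, then compare on later requests.

    client_ip is the address the handler read from req.connection.
    Returns "new", "ok" or "mismatch". On "mismatch" the caller decides what
    to do: invalidate the session, or ask the user to authenticate again.
    """
    bound = session.get("bound_ip")
    if bound is None:
        session["bound_ip"] = client_ip
        return "new"
    if mode == OFF:
        return "ok"
    if ipaddress.ip_address(bound) == ipaddress.ip_address(client_ip):
        return "ok"
    if mode == PREFIX and same_network(bound, client_ip):
        return "ok"
    return "mismatch"


def demo():
    """Constructed request sequence: one client whose proxy rotates addresses."""
    requests = ["198.51.100.7", "198.51.100.200", "203.0.113.9"]
    results = {}
    for mode in (STRICT, PREFIX):
        session = {}
        results[mode] = [check_session_ip(session, ip, mode) for ip in requests]
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

Prefix matching only tolerates rotation inside one network; a proxy pool that spans unrelated networks still produces a mismatch, which is why the result is returned to the caller rather than enforced inside the function.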