Minserv option to destroy session on IPs mismatch #244
Comments
iliajie
changed the title
|
This wouldn't work too well for users connecting via a proxy service that runs on multiple machines - their traffic might be coming from several different IPs, despite being from a single user. |
|
Yes, I realize this. But it would be optional and off be default. This is great benefit for users with static IPs! ;) |
jcameron
added a commit
that referenced
this issue
Aug 25, 2015
|
Ok, I will add this as an option. |
jcameron
added a commit
that referenced
this issue
Aug 25, 2015
|
👍 |
|
Thank you, Jamie! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be very important to have an option in Webmin/Usermin configuration to destroy the session data and force user to provide login credential over again, if initial IP address wouldn't match the latter one. Now, if you login to Webmin using one IP, then, connect to the internet having another IP, and reload the page, - Webmin says nothing! It's possible thread in case session data is stolen/copied in some way.
It would also be user friendly to have a message of why they have to enter their login data again (like it's already done with different messages). Makes perfect sense to me!
Could you please do it?
The text was updated successfully, but these errors were encountered: