-
Notifications
You must be signed in to change notification settings - Fork 636
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minserv option to destroy session on IPs mismatch #244
Comments
iliajie
changed the title
Minserv options to destroy session on IPs mismatch
Minserv option to destroy session on IPs mismatch
Aug 24, 2015
This wouldn't work too well for users connecting via a proxy service that runs on multiple machines - their traffic might be coming from several different IPs, despite being from a single user. |
Yes, I realize this. But it would be optional and off be default. This is great benefit for users with static IPs! ;) |
jcameron
added a commit
that referenced
this issue
Aug 25, 2015
Ok, I will add this as an option. |
jcameron
added a commit
that referenced
this issue
Aug 25, 2015
👍 |
Thank you, Jamie! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be very important to have an option in Webmin/Usermin configuration to destroy the session data and force user to provide login credential over again, if initial IP address wouldn't match the latter one. Now, if you login to Webmin using one IP, then, connect to the internet having another IP, and reload the page, - Webmin says nothing! It's possible thread in case session data is stolen/copied in some way.
It would also be user friendly to have a message of why they have to enter their login data again (like it's already done with different messages). Makes perfect sense to me!
Could you please do it?
The text was updated successfully, but these errors were encountered: