[mod_python] Question about Session security

Nick nick at dd.revealed.net
Wed Jun 15 17:48:57 EDT 2005

Jim Gallacher wrote:
>> You can use req.connection to find the users incoming IP address and
>> save that in the session yourself for later checking.
>> Ie., not a prepackaged check, but the bits are there for you to do it
>> yourself in the manner you need.
> Since I'm (still) messing with the session code, maybe this is worth 
> building this into the base code now? If it is a security issue let's 
> address it and save users the worry and bother of implementing their own.

Probably a good idea, but make it something you can optionally turn off, as 
there may be someone who wants to have an extended timeout on cookies and 
has users that may connect to the app from work, home, starbucks, etc. but 
keep the same session.


More information about the Mod_python mailing list