[mod_python] Question about Session security

Jim Gallacher jg.lists at sympatico.ca
Wed Jun 15 17:57:00 EDT 2005


Nick wrote:
> Jim Gallacher wrote:
> 
>>> You can use req.connection to find the user's incoming IP address and
>>> save that in the session yourself for later checking.
>>>
>>> I.e., not a prepackaged check, but the bits are there for you to do it
>>> yourself in the manner you need.
>>
>>
>> Since I'm (still) messing with the session code, maybe it is worth 
>> building this into the base code now? If it is a security issue let's 
>> address it and save users the worry and bother of implementing their own.
> 
> 
> Probably a good idea, but make it something you can optionally turn off, 
> as there may be someone who wants to have an extended timeout on cookies 
> and has users that may connect to the app from work, home, Starbucks, 
> etc. but keep the same session.
> 
> Nick
> 

Very good point. I hadn't thought of that.

Jim
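
The check discussed in this thread, as an added example that is not part of the original messages or of mod_python's own code: bind a session to the address it was created from, with the opt-out Nick asks for. The dict stands in for a session object, and `IP_KEY`, `enabled` and `prefix_len` are hypothetical names; the prefix match goes beyond the thread, as a middle ground for clients whose address changes within one network.

```python
import ipaddress

IP_KEY = "_bound_ip"  # hypothetical session key, not a mod_python name


def same_client(stored, current, prefix_len=None):
    """Compare two addresses; prefix_len=None means exact match."""
    a = ipaddress.ip_address(stored)
    b = ipaddress.ip_address(current)
    if a.version != b.version:
        return False
    if prefix_len is None:
        return a == b
    # strict=False lets a host address define its enclosing network.
    net = ipaddress.ip_network(f"{stored}/{prefix_len}", strict=False)
    return b in net


def check_session_ip(session, remote_ip, enabled=True, prefix_len=None):
    """Return True if the request may use this session.

    session   -- dict-like session (stand-in for a mod_python Session)
    remote_ip -- client address; under mod_python this would be read
                 from req.connection.remote_ip
    enabled   -- False for roaming users who keep one session across
                 networks (the opt-out asked for in the thread)
    """
    if not enabled:
        return True
    stored = session.get(IP_KEY)
    if stored is None:
        # First request for this session: record where it was created.
        session[IP_KEY] = remote_ip
        return True
    if same_client(stored, remote_ip, prefix_len):
        return True
    # Mismatch: drop the contents so a copied cookie is useless elsewhere.
    session.clear()
    return False
```
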

