[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: mailmam, web bridge, forum, p2p (was: Diversification)
From: |
Nala Ginrut |
Subject: |
Re: mailmam, web bridge, forum, p2p (was: Diversification) |
Date: |
Fri, 25 Oct 2019 07:42:41 +0800 |
Yes, you need to login if you change IP, but the last IP keeps session.
BTW, encoding token in URL is bad for SEO.
Zelphir Kaltstahl <address@hidden> 于 2019年10月25日周五 01:44写道:
> Hi Nala!
>
> I have a question regarding this IP check.
>
> Does this mean that both, the IP address and (logical and) the cookie
> need to be correct, or is it an inclusive logical or?
>
> I sometimes find myself switching location of the server of the VPN I am
> using. In such a case, would I still be logged in, based on the correct
> cookie, or would I be logged out, because my IP address does not match
> my previous address?
>
> Regards,
>
> Zelphir
>
> On 10/24/19 4:15 PM, Nala Ginrut wrote:
> > On Thu, Oct 24, 2019 at 8:30 PM pelzflorian (Florian Pelz) <
> > address@hidden> wrote:
> >
> >> Because of login CSRF the Referer header should also be verified for
> >> all links internal to the website (external links should strip the
> >> Referer header via redirect pages similar to what the code attached to
> >> this mail does).
> >>
> >> I do not know what Artanis does currently. I will check next week.
> >>
> >>
> > The current Artanis will check both session token (from cookies) and the
> > client IP.
> > This method was blamed to be overkilled because some users may be in the
> > same LAN with a unique external IP.
> > But I think IPv6 will cover this world finally, so I think this would be
> > the best way to go.
> > Of course, there's no conflict to add extra verification token. Patches
> or
> > proposals are welcome. ;-)
> >
> > Best regards.
>
>
- Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile], (continued)
- Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile], Zelphir Kaltstahl, 2019/10/23
- Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile], Nala Ginrut, 2019/10/23
- Re: Diversification [ branched from Re: conflicts in the gnu project now affect guile], pelzflorian (Florian Pelz), 2019/10/24
- mailmam, web bridge, forum, p2p (was: Diversification), Amirouche Boubekki, 2019/10/24
- Re: mailmam, web bridge, forum, p2p (was: Diversification), pelzflorian (Florian Pelz), 2019/10/24
- Re: mailmam, web bridge, forum, p2p (was: Diversification), Nala Ginrut, 2019/10/24
- Re: mailmam, web bridge, forum, p2p (was: Diversification), Zelphir Kaltstahl, 2019/10/24
- Re: mailmam, web bridge, forum, p2p (was: Diversification),
Nala Ginrut <=
- Re: mailmam, web bridge, forum, p2p, Mike Gerwitz, 2019/10/24
- Re: mailmam, web bridge, forum, p2p, tomas, 2019/10/26
- Re: mailmam, web bridge, forum, p2p, Nala Ginrut, 2019/10/26
- Re: mailmam, web bridge, forum, p2p, tomas, 2019/10/26
- Re: mailmam, web bridge, forum, p2p, Mike Gerwitz, 2019/10/27
- Re: mailmam, web bridge, forum, p2p, Mike Gerwitz, 2019/10/27
- Re: mailmam, web bridge, forum, p2p, tomas, 2019/10/27
- Re: mailmam, web bridge, forum, p2p, tomas, 2019/10/27
- Re: mailmam, web bridge, forum, p2p, Keith Wright, 2019/10/27
- Re: mailmam, web bridge, forum, p2p, Zelphir Kaltstahl, 2019/10/27