WebApp Sec mailing list archives
re: Session Management and IP address - experiences?
From: eax () 3xt org
Date: Fri, 3 Sep 2004 10:28:42 -0700 (PDT)
Our web-application checked to make sure that the client's source IP address didn't traverse a /24 (only the first three octets were checked). A few months ago I found out we were kicking out ~7,000 people per day, making them go back to the login screen, etc. If you try and bind the session to a single IP, I'd imagine you'd have even more of a problem. I had to abandon the IP address checking altogether, and compensate in other areas.
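The check described in this message, replayed over a few requests at /24 and at single-address granularity; this is an added example, not code from the original post or the poster's application. The session ids and addresses are constructed (documentation ranges), and the reason the addresses change (clients leaving through a pool of rotating egress proxies) is an assumption the post does not state.

```python
import ipaddress

def same_prefix(ip_a, ip_b, prefix_len=24):
    """True when both IPv4 addresses fall in the same /prefix_len network."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def replay(requests, prefix_len):
    """Replay (session_id, source_ip) pairs against a session store that pins
    each session to the prefix of the address it was created from.
    Returns the set of session ids that were sent back to the login screen."""
    bound = {}      # session id -> address seen at login
    kicked = set()
    for sid, ip in requests:
        if sid not in bound:
            bound[sid] = ip            # first request: bind the session
        elif not same_prefix(bound[sid], ip, prefix_len):
            kicked.add(sid)            # prefix changed: invalidate the session
            del bound[sid]             # the user's next request is a fresh login
    return kicked

# Constructed traffic: every user here is legitimate.
REQUESTS = [
    ("alice", "192.0.2.10"),     ("alice", "192.0.2.10"),      # one fixed address
    ("bob",   "198.51.100.10"),  ("bob",   "198.51.100.77"),   # pool inside one /24
    ("carol", "203.0.113.5"),    ("carol", "198.51.100.200"),  # pool spans two /24s
    ("carol", "203.0.113.9"),
]

if __name__ == "__main__":
    for plen in (24, 32):
        print(f"/{plen}: forced re-login for {sorted(replay(REQUESTS, plen))}")
```

Running the same replay over real access logs before enabling such a check gives the false-logout count up front instead of after deployment.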