Re: Linking a cookie to an IP address is a very bad in 2015...

On Wed, Apr 01, 2015 at 11:52:04AM +0000, Eric Vyncke (evyncke) wrote:
> Indeed, people never learn...
> OTOH, linking a session cookie to the user-agent IP address renders
> 'session cookie stealing' much more difficult

Yes, and accessibility as well. While I definitely understand the
principle of considering a source address to help with the triage
of requests when dealing with a massive attack, in which case it
will definitely get rid of a few valid users, it's absurd to do it
by default.


Received on Wednesday, 1 April 2015 11:59:06 UTC