tracksessionip

Jump to: navigation, search

Note: You are currently viewing documentation for Moodle 2.4. Up-to-date documentation for the latest stable version of Moodle may be available here: tracksessionip.

Comments

Config.php

  • to turn it on, go to config.php and uncomment:
  • $CFG->tracksessionip= True;
// If this setting is set to true, then Moodle will track the IP of the
// current user to make sure it hasn't changed during a session.  This
// will prevent the possibility of sessions being hijacked via XSS, but it
// may break things for users coming using proxies that change all the time,
// like AOL.

Alternative

  • set dbsessions to "YES" so that sessions are stored in the db
  • non-recommended alternative method is to allow domain users write access to the sessions directory (see note at bottom of NTLM_authentication)