Note: You are currently viewing documentation for Moodle 3.8. Up-to-date documentation for the latest stable version of Moodle may be available here: tracksessionip.

tracksessionip

From MoodleDocs
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Comments

Config.php

  • to turn it on, go to config.php and uncomment:
  • $CFG->tracksessionip= True;
// If this setting is set to true, then Moodle will track the IP of the
// current user to make sure it hasn't changed during a session.  This
// will prevent the possibility of sessions being hijacked via XSS, but it
// may break things for users coming using proxies that change all the time,
// like AOL.

Alternative

  • set dbsessions to "YES" so that sessions are stored in the db
  • non-recommended alternative method is to allow domain users write access to the sessions directory (see note at bottom of NTLM_authentication)