- "It restricts a single session from changing IP, and this is mostly a debugging tool for a strange problem that we think is a PHP bug. It does not stop a single user from having more than one session."
- "suppose you logged in using a dial up connection. If you get disconnected and then reconnect, tracksessionip will not let you open pages even if you had your browser open."
- to turn it on, go to config.php and uncomment:
- $CFG->tracksessionip= True;
// If this setting is set to true, then Moodle will track the IP of the
// current user to make sure it hasn't changed during a session. This
// will prevent the possibility of sessions being hijacked via XSS, but it
// may break things for users coming using proxies that change all the time,
// like AOL.
- set dbsessions to "YES" so that sessions are stored in the db
- non-recommended alternative method is to allow domain users write access to the sessions directory (see note at bottom of NTLM_authentication)