tracksessionip: Skillnad mellan sidversioner
Från MoodleDocs
Ingen redigeringssammanfattning |
Ingen redigeringssammanfattning |
||
(4 mellanliggande sidversioner av samma användare visas inte) | |||
Rad 1: | Rad 1: | ||
==Comments== | |||
== | |||
* "It restricts a single session from changing IP, and this is mostly a debugging tool for a strange problem that we think is a PHP bug. It does not stop a single user from having more than one session." | * "It restricts a single session from changing IP, and this is mostly a debugging tool for a strange problem that we think is a PHP bug. It does not stop a single user from having more than one session." | ||
* http://moodle.org/mod/forum/discuss.php?d=47271#217274 | ** Martin Langhoff in http://moodle.org/mod/forum/discuss.php?d=47271#217274 | ||
* "suppose you logged in using a dial up connection. If you get disconnected and then reconnect, tracksessionip will not let you open pages even if you had your browser open." | |||
** Vikram Solia in http://moodle.org/mod/forum/discuss.php?d=32879#157645 | |||
==Config.php== | ==Config.php== | ||
* to turn it on, go to config.php and uncomment: | * to turn it on, go to config.php and uncomment: | ||
* $CFG->tracksessionip= True; | * $CFG->tracksessionip= True; | ||
// If this setting is set to true, then Moodle will track the IP of the | |||
// current user to make sure it hasn't changed during a session. This | |||
// will prevent the possibility of sessions being hijacked via XSS, but it | |||
// may break things for users coming using proxies that change all the time, | |||
// like AOL. | |||
==Alternative== | |||
* set dbsessions to "YES" so that sessions are stored in the db | |||
* non-recommended alternative method is to allow domain users write access to the sessions directory (see note at bottom of [[NTLM_authentication]]) |
Nuvarande version från 29 april 2007 kl. 04.04
Comments
- "It restricts a single session from changing IP, and this is mostly a debugging tool for a strange problem that we think is a PHP bug. It does not stop a single user from having more than one session."
- Martin Langhoff in http://moodle.org/mod/forum/discuss.php?d=47271#217274
- "suppose you logged in using a dial up connection. If you get disconnected and then reconnect, tracksessionip will not let you open pages even if you had your browser open."
- Vikram Solia in http://moodle.org/mod/forum/discuss.php?d=32879#157645
Config.php
- to turn it on, go to config.php and uncomment:
- $CFG->tracksessionip= True;
// If this setting is set to true, then Moodle will track the IP of the // current user to make sure it hasn't changed during a session. This // will prevent the possibility of sessions being hijacked via XSS, but it // may break things for users coming using proxies that change all the time, // like AOL.
Alternative
- set dbsessions to "YES" so that sessions are stored in the db
- non-recommended alternative method is to allow domain users write access to the sessions directory (see note at bottom of NTLM_authentication)