Posted by bartclarkson on March 27, 2009 at 6:02pm
Jump to:
| Project: | Restrict Login or Role Access by IP Address |
| Version: | 6.x-1.0-beta2 |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed (fixed) |
Issue Summary
We're batting around the idea of checking the IP persistently across the entire session. The argument is mostly around session-hijacking, roaming laptops, etc.
As it would cause an extra call for admins with every page, it's more aggressive than some might care for, so the option.
It'd be something kind of like this for xxx.module:
+ if ($user -> uid > 0 && variable_get('restrict_by_ip_persistent', 'no') == 'yes')
+ return _restrict_by_ip_login($user);
Comments
#1
This has been completed in 6.x-3.x version. IP is persistently checked to ensure no stale session data gives access.