Looking in http://api.drupal.org/api/drupal/modules%21user%21user.module/function/u... we can see that there a 2 kind of validations on user:

  1. Pure UID: Drupal validate only against user. This is the most strict.
  2. UID+IP: Drupal checks by this pair. This is used as it is safe enough but more practical because avoids locking out public users.

Drupal defaults to the second one. The purpose of this module is to unlock flood variables and let admins configure them.

Add also user_failed_login_identifier_uid_only to form.

Files: 
CommentFileSizeAuthor
#1 flood_control.patch1020 bytesabautu

Comments

Status:Active» Needs review
StatusFileSize
new1020 bytes

Attaching a patch for this feature.

Status:Needs review» Reviewed & tested by the community

rtbc

Issue summary:View changes

Typo