[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-users] Re: [Phpgroupware-developers] AOL Users
|
From: |
Dan Kuykendall (Seek3r) |
|
Subject: |
[Phpgroupware-users] Re: [Phpgroupware-developers] AOL Users |
|
Date: |
Tue, 27 Nov 2001 10:28:33 -0800 |
James Lewis wrote:
>
> Hi All,
> I have a couple of AOL users who are trying to user phpgw. I understand
> that for some reason AOL users' web requests come from different IP
> addresses during the same session which stops phpgw from working.
>
> Is there a get around or a quick fix for this? With one user it wasn't a
> big deal, but now with two, possibly three (out of 10 or so) its becoming a
> problem.
Edit your phpgwapi/inc/class.session.inc.php and look for where we check
for the IP address in the SQL statement. Just delete that part and give
it a run.
The problem/risk is that it will then be easier for a "bad guy" to
hijack a users session by simply discovering the sessionid and start
using it. If you are going to disable the check against the IP address,
then I suggest doing everything over SSL (https) so that the sessionid
along with everything else will be encrypted and safe from a simple
sniffer attack.
Seek3r
- Re: [Phpgroupware-users] Question about creating mysql database, (continued)
Re: [Phpgroupware-users] Question about creating mysql database, Chris Weiss, 2001/11/27