Xibo

Restricting sessions to 1 IP is not appropriate for people behind Load Balancers or ISP's that have dynamic addresses

Bug #396735 reported by Dan Garner
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Xibo
Fix Released
High
Dan Garner
Xibo 1.0.3 "Halley"

Bug Description

Xibo restricts a session to an IP address to prevent session hijacking... this is really unnecessary due to other measures available.

Related branches

lp:~dangarner/xibo/396735
Xibo Maintainters: Pending requested
Diff: None lines
Xibo Maintainters: Pending requested
Diff: None lines
Dan Garner (dangarner)
Changed in xibo:
assignee: nobody → Dan Garner (dangarner)
importance: Undecided → High
milestone: none → 1.0.3
status: New → Fix Committed
Revision history for this message
Dan Garner (dangarner) wrote :

To patch:

replace: modules/module_user_general.php with http://bazaar.launchpad.net/%7Edangarner/xibo/396735/download/mail%40dangarner.co.uk-20090707200149-j5q1pqbya8y84vpy/module_user_general.-20081210233331-zodnsxsw2ykbwuxp-20/module_user_general.php

replace: lib/app/session.class.php with http://bazaar.launchpad.net/%7Edangarner/xibo/396735/download/mail%40dangarner.co.uk-20090707200149-j5q1pqbya8y84vpy/session.class.php-20081219220817-60ng15832jezwvnh-9/session.class.php

Dan Garner (dangarner)
Changed in xibo:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.