Ticket UUID: | 6c68067abb19bad2b1c548f91fc928975a9815c6 | ||
Title: | Request an option to allow cookies to not rely on IP address | ||
Status: | Open | Type: | Feature_Request |
Severity: | Minor | Priority: | |
Subsystem: | Resolution: | Open | |
Last Modified: | 2010-03-03 01:06:57 | ||
Version Found In: | |||
Description & Comments: | |||
Those of us on non-static-IP DSL or cable connection have our IP addresses changed periodically (sometimes as often as every day). As a result, our Fossil login cookies become invalid, which is very annoying.
If it is not desirable to generally allow non-IP-based cookies, it would be nice to at least have an option to permit them for those of us who would like to manage our repositories and cookies differently. N.B. -- this issue also affects those of us who log in from different locations (something I do almost every day) anonymous claiming to be Ross Berteig added on 2010-03-03 01:06:57: The big web community sites do this (e.g. facebook, Yahoo, Google) and don't seem to be hugely worried about security issues so it must be possible to achieve. Whether it is practical to achieve and still maintain "enough" security is not obvious to me. |