You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would improve security if the session id in ICAT would be bound to the ip address that the login request came from. E.g. on login, the ip address would be registered alongside the user name. For each subsequent request using this session id, the session id would be considered invalid if the ip address of the request does not match the registered one.
This would protect against hijacking the session in the case that the session id has been disclosed to an attacker.
The text was updated successfully, but these errors were encountered:
It would improve security if the session id in ICAT would be bound to the ip address that the login request came from. E.g. on login, the ip address would be registered alongside the user name. For each subsequent request using this session id, the session id would be considered invalid if the ip address of the request does not match the registered one.
This would protect against hijacking the session in the case that the session id has been disclosed to an attacker.
The text was updated successfully, but these errors were encountered: