Have a setting for signed urls to embed the ip of the user into it

[brendanheywood]

• Detect the users ip
• bake that into the signed url
• See if it is carefully cache the redirect url using a header which is hashed off the ip so that if and when the user changes ip then the redirect will be busted and you'll get a new signed url with the new ip. This may not be viable
• The logic above can be skipped if $CFG->tracksessionip is on