Provide a function to detect IP/user_agent changes
Aly93 opened this issue · 1 comments
Aly93 commented
I took a look at your code and I think it would be very useful to implement detection of IP or user agent changes during a session: this could be indicative of a session hijacking attempt.
Is there something similar implemented or on your roadmap?
Thank you!
Bouke commented
That's an interesting idea. There's no such thing on the roadmap, however. What would you do on detecting a change; terminate the session? The IP might not be a great indicator; for roaming users it might change constantly. Also the User Agent of certain browsers (e.g. Chrome) changes often (sometimes multiple times per week), so it might also cause false positives.
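Added example, not part of the thread or the project's code: a sketch of the check discussed above that tolerates the two false-positive sources raised in the reply (roaming IPs and browser version bumps). The function names, the /24 and /64 tolerances, the dict layout and the allow/flag/reauthenticate policy are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumed tolerances: addresses in the same /24 (IPv4) or /64 (IPv6)
# are treated as the same network rather than as a hard change.
V4_PREFIX, V6_PREFIX = 24, 64

def ua_family(user_agent):
    """Strip product version numbers so a browser auto-update is not a change."""
    return re.sub(r"(/|rv:)[\d.]+", "", user_agent).lower()

def same_network(old_ip, new_ip):
    """True when both addresses share the tolerated network prefix."""
    old, new = ipaddress.ip_address(old_ip), ipaddress.ip_address(new_ip)
    if old.version != new.version:
        return False
    prefix = V4_PREFIX if old.version == 4 else V6_PREFIX
    return new in ipaddress.ip_network(f"{old}/{prefix}", strict=False)

def assess_session_change(stored, current):
    """Compare the values recorded at login with the current request.

    Returns (verdict, reasons). Hypothetical policy: a single hard change
    is only flagged, both changing together forces re-authentication.
    """
    reasons = []
    if stored["ip"] != current["ip"]:
        soft = same_network(stored["ip"], current["ip"])
        reasons.append("ip_roamed" if soft else "ip_changed")
    if stored["user_agent"] != current["user_agent"]:
        soft = ua_family(stored["user_agent"]) == ua_family(current["user_agent"])
        reasons.append("ua_version_bump" if soft else "ua_changed")
    hard = {"ip_changed", "ua_changed"} & set(reasons)
    verdict = "reauthenticate" if len(hard) == 2 else "flag" if hard else "allow"
    return verdict, reasons

# Constructed sample values (documentation address ranges, typical UA strings).
CHROME_120 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
CHROME_121 = CHROME_120.replace("Chrome/120", "Chrome/121")
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
LOGIN = {"ip": "203.0.113.10", "user_agent": CHROME_120}

if __name__ == "__main__":
    for req in ({"ip": "203.0.113.77", "user_agent": CHROME_121},
                {"ip": "198.51.100.5", "user_agent": CHROME_120},
                {"ip": "198.51.100.5", "user_agent": FIREFOX}):
        print(assess_session_change(LOGIN, req))
```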