Hi,
On Thu, Sep 26, 2013 at 6:19 PM, Leigh <lei...@gmail.com> wrote: > On Sep 24, 2013 3:43 AM, "Laruence" <larue...@php.net> wrote: > > > > I don't think this is language concerning issue. > > > > it could be done in user script.. > > > > thanks > > I agree entirely with Laurence (and others). This shouldn't be a core > feature. It's not one size fits all. > > There's several scenarios where a users IP changes and you don't want to > drop their session. (That doesn't mean it should simply have an option to > disable it either) > Let's be clear here: this won't happen (in most cases), because the client will simply get a new cookie and the session will keep working; it's like what you would implement if your user level goes from anonymous to logged in and vice versa. > > Many people still have dynamic IP addresses for their home connections, but > the group who would suffer the most would be mobile users. It's pretty > frustrating to use most sites with a phone as it is, without being kicked > off every time you switch between grps or hsdpa or whatever. > Aha! I'm glad that you brought up mobile devices, because for those it's more likely that in certain cases the updated cookie is not received while the server believes that it was; scenario: "I stepped into an elevator and was disconnected when I got out.". This makes it an unattractive option to have enabled by default. -- -- Tjerk
