What about the MAC address? In an intranet a user can bump another user's IP easily.
Consider this under Windows: http://www.wikihow.com/Change-your-IP-Address-%28Windows%29

Not sure you can pick a particular IP. With a VM under Linux you can pick the IP you want... It will conflict on the network, but it will work at least to hack web2py if you stole the cookies...

Richard

On Thu, Nov 25, 2010 at 11:05 AM, mdipierro <mdipie...@cs.depaul.edu> wrote:
> Consider this scenario...
>
> You use http to log in and somebody intercepts the communication, steals
> the cookie and logs in using your credentials.
>
> This is no longer possible. Now web2py checks that the IP of the client
> is the same as the IP of the client that started the session. If the
> cookie is stolen and/or used from a different IP, web2py refuses to
> open the corresponding session.
>
> I do not see any counter-indication. Comments?
>
> Massimo
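
The check described in the quoted message, sketched as an added example that is not web2py's code and not part of the thread: a hypothetical `SessionStore` pins each session to the IP that created it and records mismatches for review. The addresses are constructed, and the last call in `demo()` shows the case raised in the replies, where a request arriving from the same address still opens the session.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory store that binds a session to its creator's IP."""

    def __init__(self):
        self._sessions = {}   # session id -> {"ip": str, "data": dict}
        self.rejected = []    # (session id prefix, bound IP, IP seen) for review

    def create(self, client_ip):
        """Start a session and remember which address started it."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"ip": client_ip, "data": {}}
        return sid

    def open(self, sid, client_ip):
        """Return the session data, or None for an unknown id or a different IP."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        if record["ip"] != client_ip:
            # Refuse to open the session but keep it for its owner, and log
            # the mismatch so cookie reuse from another address is visible.
            self.rejected.append((sid[:8], record["ip"], client_ip))
            return None
        return record["data"]


def demo():
    store = SessionStore()
    # Constructed addresses from the documentation ranges.
    sid = store.create("192.0.2.10")
    store.open(sid, "192.0.2.10")["user"] = "alice"

    # Same cookie presented from a different address: refused and logged.
    from_other_ip = store.open(sid, "198.51.100.7")

    # Same cookie presented from the bound address: the server sees nothing
    # that distinguishes this request from the owner's, so the session opens.
    from_same_ip = store.open(sid, "192.0.2.10")
    return from_other_ip, from_same_ip, store.rejected


if __name__ == "__main__":
    print(demo())
```

The IP binding narrows where a stolen cookie can be replayed from; it does not protect the cookie in transit, which is what serving the login and session over HTTPS addresses.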