From: Nala Ginrut <nalaginrut@gmail.com>
To: Zelphir Kaltstahl <zelphirkaltstahl@posteo.de>
Cc: Guile User <guile-user@gnu.org>
Subject: Re: mailmam, web bridge, forum, p2p (was: Diversification)
Date: Fri, 25 Oct 2019 07:42:41 +0800
Message-ID: <CAPjoZofVps5hF3GCWpZFGhXMkU8K4SS+1cfHapobGVQy2dZtNw@mail.gmail.com>
In-Reply-To: <11d013a9-74af-95e7-67d0-497682c268e3@posteo.de>
Yes, you need to log in if you change IP, but the last IP keeps the session.
BTW, encoding a token in the URL is bad for SEO.

On Fri, Oct 25, 2019 at 01:44, Zelphir Kaltstahl <zelphirkaltstahl@posteo.de> wrote:
> Hi Nala!
>
> I have a question regarding this IP check.
>
> Does this mean that both, the IP address and (logical and) the cookie
> need to be correct, or is it an inclusive logical or?
>
> I sometimes find myself switching location of the server of the VPN I am
> using. In such a case, would I still be logged in, based on the correct
> cookie, or would I be logged out, because my IP address does not match
> my previous address?
>
> Regards,
>
> Zelphir
>
> On 10/24/19 4:15 PM, Nala Ginrut wrote:
> > On Thu, Oct 24, 2019 at 8:30 PM pelzflorian (Florian Pelz) <
> > pelzflorian@pelzflorian.de> wrote:
> >
> >> Because of login CSRF the Referer header should also be verified for
> >> all links internal to the website (external links should strip the
> >> Referer header via redirect pages similar to what the code attached to
> >> this mail does).
> >>
> >> I do not know what Artanis does currently. I will check next week.
> >>
> >>
> > The current Artanis will check both session token (from cookies) and the
> > client IP.
> > This method was blamed for being overkill because some users may be in the
> > same LAN with a unique external IP.
> > But I think IPv6 will cover this world finally, so I think this would be
> > the best way to go.
> > Of course, there's no conflict in adding an extra verification token. Patches or
> > proposals are welcome. ;-)
> >
> > Best regards.
>
>
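Added example, not part of the original messages and not Artanis code: a minimal Python model of the check discussed in this thread, where a request is accepted only if the session cookie token and the client IP both match. The `SessionStore` class, its method names and the sample addresses are hypothetical, and keeping the session alive for the original IP after a mismatch is an assumed reading of "the last IP keeps the session".

```python
import ipaddress
import secrets


class SessionStore:
    """Hypothetical in-memory session store (illustrative names only)."""

    def __init__(self):
        self._sessions = {}  # cookie token -> (user, IP recorded at login)

    def login(self, user, client_ip):
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        # Parse the address so equivalent IPv6 spellings compare equal later.
        self._sessions[token] = (user, ipaddress.ip_address(client_ip))
        return token

    def check(self, cookie_token, client_ip):
        """Return the user only if the token AND the client IP both match."""
        entry = self._sessions.get(cookie_token)
        if entry is None:
            return None  # unknown or missing cookie
        user, bound_ip = entry
        if ipaddress.ip_address(client_ip) != bound_ip:
            # Assumption: the session is not destroyed on a mismatch, so the
            # address it was created from can keep using it.
            return None
        return user


def demo():
    """Constructed scenario using documentation address ranges."""
    store = SessionStore()
    alice = store.login("alice", "2001:db8::1")
    bob = store.login("bob", "203.0.113.10")
    carol = store.login("carol", "203.0.113.10")  # same external IP as bob
    return {
        "same_ip_other_spelling": store.check(alice, "2001:0db8:0:0:0:0:0:1"),
        "after_vpn_switch": store.check(alice, "198.51.100.7"),
        "back_on_original_ip": store.check(alice, "2001:db8::1"),
        "bad_cookie_right_ip": store.check("not-a-token", "2001:db8::1"),
        # Behind one shared external IP only the token tells clients apart.
        "shared_ip_users": (store.check(bob, "203.0.113.10"),
                            store.check(carol, "203.0.113.10")),
    }
```

A client that changes its VPN exit gets `None` and has to log in again, which creates a new session bound to the new address.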