
WideOpen

Disable IP-based qualification of user sessions.

Synopsis

WideOpen  Yes

This is a Yes or No directive.  The default is No.

Scope

This directive is only available for use in the local (catalog.cfg) configuration file.  It will not affect any other website in any way.  This directive will not work in the global (interchange.cfg) configuration file. 

Description

Warning


This directive disables IP-based qualification of user sessions, which usually results in reduced website security.

When WideOpen is enabled, no IP-based checking is done, so anyone guessing a valid session ID can hijack another client's session. This can also happen by accident: if a user publishes a link to your website and that link contains a session ID, then several people might follow that link at once and share the same session.

This option was introduced to achieve more compatibility with old browsers, at the cost of some security. Do not enable it unless you first experience problems. Also, do not use it unless you are using some sort of encryption (GnuPG or PGP etc.), or a real-time payment gateway.
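A configuration audit for this directive, as an added example that is not part of the Interchange documentation or code base: it reports every catalog whose catalog.cfg text enables WideOpen or sets it to something other than Yes or No. Case-insensitive directive matching, `#` comments and last-setting-wins are assumptions of the sketch, and the sample fragments are constructed.

```python
import re

# Directive name matched case-insensitively (assumption of this sketch).
_WIDEOPEN = re.compile(r"^\s*WideOpen\s+(\S+)", re.IGNORECASE)

def wideopen_state(cfg_text):
    """Return (state, line_no): state is 'enabled', 'disabled' or 'review'."""
    state, where = "disabled", None          # documented default is No
    for n, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # assumption: '#' starts a comment
        m = _WIDEOPEN.match(line)
        if not m:
            continue
        value = m.group(1).lower()
        if value == "yes":
            state = "enabled"
        elif value == "no":
            state = "disabled"
        else:
            state = "review"                 # not Yes/No: check by hand
        where = n                            # assumption: last setting wins
    return state, where

def audit(catalogs):
    """Map of {catalog name: catalog.cfg text} -> findings needing attention."""
    findings = []
    for name, text in sorted(catalogs.items()):
        state, line = wideopen_state(text)
        if state != "disabled":
            findings.append((name, state, line))
    return findings

# Constructed catalog.cfg fragments (not taken from any real site).
SAMPLES = {
    "shop":   "VendURL http://www.example.com/cgi-bin/shop\nWideOpen Yes\n",
    "store":  "# WideOpen Yes\n",
    "legacy": "wideopen   YES   # old browsers\n",
    "odd":    "WideOpen Yes\nWideOpen No\nWideOpen 1\n",
}

if __name__ == "__main__":
    for name, state, line in audit(SAMPLES):
        print(f"{name}: WideOpen {state} (catalog.cfg line {line})")
```

A `review` result means the value is neither Yes nor No, so the effective setting should be confirmed against the running catalog rather than inferred.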

Category:  Local config directives
Last modified by: Kevin Walsh
Modification date: Thursday 29 June 2006 at 11:19 PM (EDT)