7 Dec
2010
7 Dec
'10
10:04 a.m.
I see in the administration documentation:
Encrypt cookies using IP address
Even if the password cannot be extracted from the cookie, the cookies might
be stolen See: XSS and used as they are.
By setting the xwiki.cfg parameter xwiki.authentication.useip to true you
can block the cookies from being used except by the same ip address which
got them.
But when I look in xwiki.cfg, there is no mention of useip. Is this option
still recommended for use?
thanks
Paul