parent: 06481f76 | patch | commit | ignore whitespace
Tres Seaver
2009-05-20 00a6d9a7bdc1531559ee60dbd54f6f82f55b5c9f 
Issue 79: Documented issue with using ``include_ip`` in ``auth_tkt`` plugin.

See http://bugs.repoze.org/issue81 .

2 files modified
10 ■■■■■ changed files
CHANGES.txt 3 ●●●●● patch | view | raw | blame | history
docs/narr.rst 7 ●●●●● patch | view | raw | blame | history 
 CHANGES.txt


@@ -5,6 +5,9 @@


After 1.0.13


============




- Documented issue with using ``include_ip`` setting in the ``auth_tkt``


  plugin.  See http://bugs.repoze.org/issue81 .




- Added 'passthrough_challenge_decider', which avoids re-challenging 401


  responses which have been "pre-challenged" by the application.






 docs/narr.rst


@@ -226,6 +226,13 @@


  *include_ip* is True, the ``REMOTE_ADDR`` of the WSGI environment


  will be placed in the cookie.




.. note::


   Using the *include_ip* setting for public-facing applications may


   cause problems for some users.  `One study


   <http://westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf>`_ reports


   that as many as 3% of users change their IP addresses legitimately


   during a session.




.. module:: repoze.who.plugins.basicauth




.. class:: BasicAuthPlugin(realm)