> The question is this: what does Django do when multiple > requests come in from different IP addresses that are > reporting the same session id? Does Django dump the session > data and create new session ids for the offending clients?
I believe the answer is "Django does the right thing", i.e. it allows it just fine. If I'm using the web-app via WiFi or my LAN, I have one external IP address, then I have to hit the road, so I switch to my cellular connection[1], my requests come from a different IP address. Or one might be behind a load-balancing NAT (I believe AOL did/does something like this) so requests from the same user behind the NAT can appear to be coming from different public IP addresses. That said, I expect it would be possible to track the IP address in your session, and create a middleware that would reissue the a fresh session if it notices a change in IP address. However, that's something Django gives you hooks to implement your desired behavior for yourself (you may want any change of IP address, or you might want any change that moves outside a particular netmask, or you might want to redirect to a sign-in page, or...) -tim [1] purely speculation from a cell-phone-free person :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
