Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Careful about doing this. Laptop and phones change networks. If my wifi is weak you'll see my phone switch to data intermittently. Forcing me to re-auth every switch would be painful. Some VPN providers also change IP addresses regularly (I've seen <1 minute between switches).


Also people in countries where the government censors the internet often use VPNs to bypass that censorship, so their IP address might change many times a day, including jumping to a different country. IP addresses should really not be used for anything beyond packet routing.


You can adjust it to accommodate this, by allowing more than one single combo to be "legit" but it does add extra friction.

However, when combined with other things it can at least let "my browser, at my home on my fixed IP" not have to login every ten minutes.

Other systems handle this by only doing the "session detailed check" when you perform privileged activities.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: