Questions answered by this recipe
Can I make my wiki more secure?
This recipe will make a wiki more secure. It binds the session to its original IP (subnet). It also binds the browser name. An attacker would have to fake both in order to steal a session. This recipe is good to use if you have a person login (for example with AuthUser) or uses a password to change your wiki.
There are 2 steps to installing SessionGuard.
Create a page call "Site.InvalidLoginInformation". You can customize this page any way you want.
Someone might put:
(:notitle:) !!Your login information seems to be invalid. Technical details: Your session ID seems to belong to another user. Return to [[Main/HomePage|Home]].
In mine I put:
If you are using AuthUser place this before it in your config.php:
or in your farmconfig.php enter:
Use "require" and not "include" - "For security stuff, always require."
This program is free software. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation http://www.fsf.org either version 2 of the License, or (at your option) any later version.
Copyright 2007 by GNUZoo email: guru [snail] gnuzoo [period] org
Please donate to the author at url: http://gnuzoo.org/GNUZooPayPal
GNUZoo created and maintains recipe
Sven created initial code