0

If users are authentified with a sessionID (through cookies), would it increase security if we force users to log in again if for any reason their IP changed during their session?
Or is this not worth and would just impact UX for maybe a mobile user?

We also want to send a notification when a new log-in happens with a different IP, but was also wondering about IP changes for the same session

mentallurg
  • 10,256
  • 5
  • 28
  • 44
caub
  • 101
  • 1
  • 4
    Does this answer your question? [Log user out after change of IP address?](https://security.stackexchange.com/questions/220364/log-user-out-after-change-of-ip-address), [Why aren't sessions exclusive to an IP address?](https://security.stackexchange.com/questions/139952/why-arent-sessions-exclusive-to-an-ip-address) – Steffen Ullrich Dec 27 '21 at 11:18
  • Thanks @SteffenUllrich yes it does – caub Dec 27 '21 at 11:44

0 Answers0