i recently had to make a change to Security Settings - Session IP Validation where i had to lower it to "None". since i am big on security and hate to reduce security i am reaching out to see if anyone has any information on why i am doing this to my board after not having any issues since installing back in February of this year.
here is some background info on why i had to make the change. as i stated, my board has been in place since Feb. of this year and the setting in question was in its default state. a few weeks ago, possibly a month, i noticed on my cell phone using the chrome browser that when i logged into my forums that as soon as i logged in, i was brought straight back to the logon screen (i dont allow "remember me"). i tried it a few times and got frustrated and since i had firefox on my phone i tried there and it logged in fine. used it that way ever since and thought it was just my issue and i would fix it when i felt like it. then last night another user called me and described the same issue on his phone. i did not ask him the browser he was using though
so i knew it was a bigger issue than i thought, but not huge as i only got one complaint in the weeks since i first noticed it on my phone.
so now i knew i had to try and fix it. i first deleted all brosing history and cookies on my phone for the chrome browser and that did not fix it. then i hit the google and found a few posts similar to my issue in the 3.0.x forums that suggested lowering the Session IP Validation to "A.B" or "None". lowering to "A.B" did not help me, "None" worked. i confirmed with the other user and he got in as well.
so why am i having to do this 5 months after my board is in place and what holes am i opening up? i like better security and i feel like i am laxing it a bit by doing this. are there any better suggestions?
Thanks in advance