I am looking to insert an IP address check to the RememberMe login flow.
~I know I can get the IP Address from the
~I know how to read/write to the cookie
I’m just not sure how to override the standard
Some ideas can be found here.
If you want to store the address right in the remember me token, you may need to:
RememberMeToken class. Please note that the token is an entity, so, you’ll have to extend the class as an entity
com.haulmont.cuba.security.app.UserManagementServiceBean#generateRememberMeToken by extending the service
May I ask why do you need this functionality and how are you going to use it?
My thought process is that it can be used as another layer of security. If the IP address changes (implying the device has changed networks), I want the cookie to be invalidated.
I develop custom business software and I am trying to mitigate the risk of a computer being stolen and the thief getting access to the data in the software. While it isn’t a perfect solution, it seems like an easy extra layer implement.
It’s a valid case, I agree. But this might cause some issues when you use your laptop and should log in from remote places. Or if you have a DHCP in your organization, you might have issues when your computer is rebooted.
You can go forward with any of the options I specified above. But do not forget about other means of protection like VPN.