I have a CodeIgniter 3 application with MySQL as the database. I had set the sess_match_ip to TRUE to check for the IP address of the users. Some of my clients has dynamic IPs which changes automatically. At the time of changing the IP address the application logged out them automatically. Please suggest me a alternate solution to prevent the users forms log out with changing the sess_match_ip to false.
$config['sess_match_ip'] = TRUE;
Just disable
sess_match_ip. I know it looks like an attractive option, but it is simply not suitable for a typical public webapp on the internet.It can be used as an extra security layer for restricted admin areas where only a handful of users are permitted anyway, but that's quite rare. Its primary use is for intranet systems where you control the whole network and there are no regularly changing IP addresses.