Any chance to enhance the CDbSession class

The database session class can be more secure than it is now, by doing additional checks on the IP/UserAgent not just session_id. A few months ago, i wrote this extension: which does just that, allows the user, optionally, to enable IP and/or user-agent check when reading sessions.

Is there any chance to have this in Yii by default ?

I mean, there is no performance issue at all, it’s just a great security plus which we should have by default and not depending on this by using an extension(this sounds mean even though i wrote the extension :D )

Just my two cents.

Some ISPs are changing ips dynamically once in an hour. User agent is not a reliable identifier as well.

I agree to samdark. If that was a reasonable way to guarantee extra security, PHP would probably even have it built in to its session mechanism. If you really want that, you still can use your extension.