Because I needed some extra functionality for the DB session class, I created a new extension which does some extra security checks on the user IP and user agent.
The extension can be found here: http://www.yiiframework.com/extension/session/
Basically, the class extends CDbHttpSession and adds 3 new properties:
1) compareIpBlocks - (integer) How many blocks from the IP address should be compared (defaults to 0). It has an effect only if the value is > 0 and compareIpAddress is set to true.
2) compareIpAddress - (boolean) If the client IP should be checked.
3) compareUserAgent - (boolean) If the User Agent should be checked. It will check the first 50 chars from the user agent.
So, you can check for a full IP address and/or user agent against the data from the database.
Also, you can do a partial lookup on the IP address, matching 1/2/3 IP blocks; this is useful when users have dynamic IP addresses and you don't want to log them out when the IP changes.
Anyway, you need to test the extension to see how it works.
I tested it and I found no bugs, but any feedback is appreciated.
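
The checks described above, sketched as a stand-alone function. This is an added example, not the extension's own code: the function names and the 'ip' / 'ua' array keys are hypothetical, and IPv4 addresses are assumed.

```php
<?php
// Added illustration, not the extension's source. Function names and the
// 'ip' / 'ua' array keys are hypothetical; IPv4 addresses are assumed.

// Keep the first $blocks dot-separated blocks of an IPv4 address.
function ipPrefix(string $ip, int $blocks): string
{
    return implode('.', array_slice(explode('.', $ip), 0, $blocks));
}

// Returns true when the current request still matches the stored session data.
function clientMatchesSession(
    array $stored,
    array $current,
    bool $compareIpAddress,
    int $compareIpBlocks,
    bool $compareUserAgent
): bool {
    if ($compareIpAddress) {
        if ($compareIpBlocks > 0) {
            // Partial lookup: compare only the leading blocks.
            $n = min($compareIpBlocks, 4);
            if (ipPrefix($stored['ip'], $n) !== ipPrefix($current['ip'], $n)) {
                return false;
            }
        } elseif ($stored['ip'] !== $current['ip']) {
            // compareIpBlocks = 0: the full address must match.
            return false;
        }
    }
    // Only the first 50 characters of the user agent are compared.
    if ($compareUserAgent
        && substr($stored['ua'], 0, 50) !== substr($current['ua'], 0, 50)) {
        return false;
    }
    return true;
}

// Constructed sample data (documentation address ranges).
$ua      = 'Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0';
$stored  = ['ip' => '203.0.113.25',  'ua' => $ua];
$sameNet = ['ip' => '203.0.113.200', 'ua' => $ua];
$other   = ['ip' => '198.51.100.7',  'ua' => $ua];

var_dump(clientMatchesSession($stored, $sameNet, true, 0, true)); // full address compared
var_dump(clientMatchesSession($stored, $sameNet, true, 3, true)); // first 3 blocks compared
var_dump(clientMatchesSession($stored, $other, true, 3, true));   // different network
```

The User-Agent header is supplied by the client, and a lower compareIpBlocks value accepts a wider range of addresses, so both settings trade binding strength for fewer unwanted logouts.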