14May
Would storing the users IP address in a session token be more secure?
In a web app, would storing a users IP address in a session be more secure then storing it without it? I think that if I store a JWT in their cookies that includes their IP address for session authentication, it would prevent attackers from being able to use another user's session token as their own because my server would check that the IP address from the request is the same as in the cookie.
Would this method make a web app more secure or is there a way to bypass these measures?
