Does lock sessions to ip address from where they originated work for mobile?

Question

I have enabled the option "lock sessions to ip address from where they originated" in security settings. However, I have noticed that for mobile sessions this does not take effect. If a mobile user is connected to WI-FI and logs in, and then switched to 3G, the user is still able to access salesforce. The session does not get invalidated.  Is this a bug?

Salesforce Administrator · Answer

There would be no way to really make it effective for mobile devices if they had to validate every time the internet switched on a phone. That would switch so often it would be unreal. That's the reason you needed a validation code the first time you used the phone to access the site. It's validated by the phone's id rather than the ip address. It's not a bug.

Does lock sessions to ip address from where they originated work for mobile?

Data Management

Related Learning

More Help