I’m hoping to get some feedback from other site owners regarding how they view and have handled this issue.

I have an AOL user that is trying to register/login, but is receiving the “You are not authorized to perform this action” error message. I’ve read threads and the Kbase entry which explains what the issue is and the work around that says to turn off “Require IP Address and User Agent for Login” in Admin > System Preferences > Security and Session Preferences

I’m not sure if I should turn it off and would like to get others input.

My questions are:

1. Is this a big security issue?
2. Are you doing this? And if so, have they seen issues relating to it?
3. Would you recommend it?
4. Do you know of any other solutions that work?

thanks

I can only answer #2; I built a website using EE for someone on AOL last year.  She had some login issues that I solved initially by changing the user session type to cookies only; the final solution was to have her use IE instead of AOL’s built-in browser.  It wasn’t any more of a hassle for her, and it easily solved the problem without potentially compromising her site’s security.  I’m not sure if that’s feasible for your users, but it worked in this particular case.

Disabling the Secure Forms feature is generally enough for AOL / Proxy users, though depending on how you accept user input and your Google rankings, you may find yourself hit occasionally by spam bots.