Associating an IP Address with a Session ID

To prevent a session commit problem, how can we associate an IP address with a session ID? Is it possible to associate a session identifier with an IP address identifier?

+5
4 answers

I do not think it's a good idea. A subsequent request from the same user may not necessarily come from the same IP address, since the request may come from a different proxy. IIRC this was the case for all AOL users, and this can happen for other providers or in some corporate networks.

It is better to protect your session with tokens in order to prevent a high-level session.

+7

, . , IP- . AOL , .

+3

. , IP- . , , -, IP-. ( , high-play cookie) . , cookie IP- . , IP- , .

+2

http://en.wikipedia.org/wiki/Session_fixation

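session_start(); // a session must be active before $_SESSION can be used
// Compare only when an address was stored earlier (not on the first request)
if (isset($_SESSION['PREV_REMOTEADDR']) && $_SERVER['REMOTE_ADDR'] != $_SESSION['PREV_REMOTEADDR']) {
   $_SESSION = array(); // clear the data still held in memory
   session_destroy(); // destroy all data in session
   session_start(); // reopen a session so the identifier can be regenerated
}
session_regenerate_id(); // generate a new session identifier
$_SESSION['PREV_REMOTEADDR'] = $_SERVER['REMOTE_ADDR'];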
+1
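
The following is an added example, not code from any of the answers above: it combines the fixation defence (a new ID at login, strict mode) with a looser address check that compares only the network prefix, so that a proxy change inside one network does not end the session. The function names, the /24 and /48 prefix lengths and the HTTPS assumption are choices made for this illustration.

```php
<?php
// Added example: helper names and prefix lengths are assumptions.

// Reduce an address to its network prefix (/24 for IPv4, /48 for IPv6).
function network_prefix(string $ip): string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return '';                               // unparsable address
    }
    $keep = strlen($packed) === 4 ? 3 : 6;       // prefix bytes to keep
    return bin2hex(substr($packed, 0, $keep));
}

// Start the session so that IDs not issued by this server are rejected.
function start_session(): void
{
    session_start([
        'use_strict_mode'  => 1,  // refuse uninitialised (client-chosen) IDs
        'use_only_cookies' => 1,  // never accept the ID from the URL
        'cookie_httponly'  => 1,
        'cookie_secure'    => 1,  // assumes the site is served over HTTPS
    ]);
}

// Call once credentials are verified: the pre-login ID is discarded, which
// defeats fixation whatever address the client uses.
function on_login(string $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user']   = $userId;
    $_SESSION['prefix'] = network_prefix($_SERVER['REMOTE_ADDR']);
}

// True when the request may continue as the logged-in user. A changed
// prefix drops the login and requires re-authentication.
function session_is_trusted(): bool
{
    if (!isset($_SESSION['user'], $_SESSION['prefix'])) {
        return false;
    }
    $now = network_prefix($_SERVER['REMOTE_ADDR']);
    if ($now !== '' && hash_equals($_SESSION['prefix'], $now)) {
        return true;
    }
    unset($_SESSION['user'], $_SESSION['prefix']);  // force a fresh login
    session_regenerate_id(true);
    return false;
}
```

A client whose provider routes it through proxies in unrelated networks will still be asked to log in again, so the prefix check is a secondary signal; the ID regeneration in `on_login()` is what addresses fixation.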