How often does the IP address that a website sees for a mobile device change (for example, is connected via GRPS, 3G, etc.), or is it stable enough that it is unlikely to change during a normal user session? "
I understand that the IP address is not device specific; this will be the IP address of the gateway through which the device is connected, which is distributed among many (many) devices. (Like devices connected via NAT, for example, users using a Wi-Fi connection or people on the corporate network behind a firewall, they all have the same public IP address.) This is good for my purposes. If it changes a lot for the same user during a session (everything is okay between sessions), this will be problematic.
Basically, I associate the user's session cookies with the clientβs IP address, which we saw when the user authenticated, as an imperfect protection against session hijacking by cookie theft . It is imperfect; This is one of several measures used to reduce the attack surface. But this will cause problems for mobile users if we constantly terminate their sessions because their visible IP address has changed.
But the question is not about session cookies, but about the frequency with which the visible IP address of the device changes.
Tj crowder
source share