> > Do you null the user if the IP changes? IPs can change > > during a user's > > session, so I wouldn't base the validity of the session > > solely based on IP. > When that happens a user has to relogin. No data will be lost.
Relogin? Huh, I'd never visit a site where I have to login on every twice click. For some reason our company share 5 ip adresses for it's employees with NAT. We don't ever know what is our *current* request's ip, it's always changes by chance. It could be that I use one ip while I'm visiting a site (it's not likely), but it could be that my 5 requests get to the site sitting on 5 different ips. So I don't recommend using the visitors ip address for anything. Arpi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]