On Fri, 5 Jul 2002, Kondwani Spike Mkandawire wrote: > Quick Question on Cookies vs. IP Number: > > They appear to be easy to set (well at least in PHP), hence quite > easily to get around (The user of your Site simply deletes the > Cookie on his Hard Drive...) In Konqueror you are actually > given the option of rejecting cookies... Using > getenv($REMOTE_ADDR) to retrieve someones IP number > isn't too reliable either in the case that someone is using > Dial Up... I just want to get ideas from other PHP Coders as > to how they secure their Sites and actually keep an accurate > record as to who and how many people visit your sites.. > coz even a combination of Cookies and IP would be easily > by-passed...
IP numbers are pretty useless for this. A given user's IP address can change during a session, and multiple users can share IP addresses. I'm not sure what your concerns about cookies are wrt security; they can be part of a pretty tight system. Perhaps you could elaborate. For people who don't accept session cookies, you'll have to pass a token around in the URL or in a hidden form item. miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
