Really? Your IP randomly changes when your surfing between say yahoo.com and msn.com does it? While it is true that you can force an IP change while your connected, I have not yet seen a provider which randomly decides to change your IP address in the middle of your surfing, if your talking about DHCP IP's on say Cable or ADSL modem's, then I can understand what your saying, but even then the IP change is almsot always at times when your computer is turned off or restarted.
I have been using an extra IP check in our sessions on a website which get's somewhere in the area of 500,000 unique hits a month and we have not had a single complaint of people's session's being dropped. Adam Voigt, Cisco Certificed Network Associate [EMAIL PROTECTED] On Thu, 2002-10-24 at 09:35, 1LT John W. Holmes wrote: > It's common for IP addresses to change while people are surfing. So you may > be needlessly kicking people out. > > ---John Holmes... > > ----- Original Message ----- > From: "Adam Voigt" <[EMAIL PROTECTED]> > To: "Shaun" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Thursday, October 24, 2002 9:01 AM > Subject: Re: [PHP] sessions > > > > You could, on the page where it initially creates there session, > > get there IP address and make that a session variable, then in > > one of your include files which is called on every page, check to > > see if the current users's IP match's the one of the $_SESSION[ip] > > variable, if it doesn't, just stop them dead with an exit; statement. > > > > Course this won't help for people behind the same public IP, but > > it's a start. You could also verify against what the browser identify's > > itself as, etc. > > > > Adam Voigt > > [EMAIL PROTECTED] > > > > On Thu, 2002-10-24 at 08:32, Shaun wrote: > > > Hi, > > > > > > If i use sid in the url , is it dangerous - can hackers gain info on > > > important variables storing username and passwords or is it save to use > , if > > > not what should i do. > > > > > > shaun > > > > > > > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
