alluoshi Posted November 26, 2008 Share Posted November 26, 2008 Hi guys. I would like to know how Apache identifies clients/browsers. If many users are accessing a multi-user web application through Apache at the same time from their browsers, what is the method that Apache uses to identify each client or even each browser on the same machine? Quote Link to comment Share on other sites More sharing options...
corbin Posted November 27, 2008 Share Posted November 27, 2008 There is no reliable way to know who/what is connecting to a server. HTTP is a very trusting protocol (because it has to be, not because it has a flaw [in that respect]). Apache doesn't specifically ID clients/browsers. It knows the IP address, and it knows the headers the client sent. That's all it knows. It only knows what the client tells it. And all of the information is very, very easily fake-able. "what is the method that Apache uses to identify each client or even each browser on the same machine?" That could be told by IP address (although, IP addresses can be the same for computers behind a router too, so it could actually be multiple computers). There's no solid way to know if a subsequent, or even a concurrent request is from the same machine. Quote Link to comment Share on other sites More sharing options...
alluoshi Posted November 27, 2008 Author Share Posted November 27, 2008 After doing some experiments and testing the log file, I noticed that each client/browser is identified by a token. But this token comes from php and not from Apache. As you said, Apache knows the ip address of the client but a client might use many browsers on the same machine. So do you think that the identification of each client comes from php or any server side scripting? Quote Link to comment Share on other sites More sharing options...
corbin Posted November 27, 2008 Share Posted November 27, 2008 It's probably PHP sessions. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.